Bug 2266523 (CVE-2024-1597) - CVE-2024-1597 pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE
Summary: CVE-2024-1597 pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if...
Keywords:
Status: NEW
Alias: CVE-2024-1597
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2266524 2266525 2270746
Blocks: 2266526
Reported: 2024-02-28 04:38 UTC by Avinash Hanwate
Modified: 2025-03-04 08:28 UTC (History)

Fixed In Version: PostgreSQL JDBC Driver 42.7.2, PostgreSQL JDBC Driver 42.6.1, PostgreSQL JDBC Driver 42.5.5, PostgreSQL JDBC Driver 42.4.4, PostgreSQL JDBC Driver 42.3.9, PostgreSQL JDBC Driver 42.2.28, PostgreSQL JDBC Driver 42.2.28.jre7
Clone Of:
Environment:
Last Closed:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:1950 0 None None None 2024-04-22 14:53:43 UTC
Red Hat Product Errata RHSA-2024:1435 0 None None None 2024-03-20 08:21:48 UTC
Red Hat Product Errata RHSA-2024:1436 0 None None None 2024-03-20 09:25:36 UTC
Red Hat Product Errata RHSA-2024:1649 0 None None None 2024-04-02 20:50:05 UTC
Red Hat Product Errata RHSA-2024:1662 0 None None None 2024-04-03 10:53:30 UTC
Red Hat Product Errata RHSA-2024:1686 0 None None None 2024-04-04 21:33:14 UTC
Red Hat Product Errata RHSA-2024:1797 0 None None None 2024-04-22 10:59:39 UTC
Red Hat Product Errata RHSA-2024:1999 0 None None None 2024-04-23 14:26:02 UTC
Red Hat Product Errata RHSA-2024:2624 0 None None None 2024-04-30 16:55:04 UTC
Red Hat Product Errata RHSA-2024:3313 0 None None None 2024-05-23 06:30:29 UTC
Red Hat Product Errata RHSA-2024:4057 0 None None None 2024-06-24 01:38:55 UTC
Red Hat Product Errata RHSA-2024:4375 0 None None None 2024-07-08 13:53:36 UTC
Red Hat Product Errata RHSA-2024:4402 0 None None None 2024-07-09 08:48:35 UTC
Red Hat Product Errata RHSA-2024:4884 0 None None None 2024-07-25 19:26:26 UTC
Red Hat Product Errata RHSA-2024:5056 0 None None None 2024-08-06 16:51:33 UTC

Description Avinash Hanwate 2024-02-28 04:38:15 UTC
pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query, bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.8 are affected.

https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56
https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/
https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/
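
As an added defensive check (not part of this bug report or of pgjdbc itself), the following Python scanner tests for the three preconditions the description lists: a driver release older than the patch versions in the Fixed In Version field, preferQueryMode=simple set in the JDBC URL or connection properties, and a negated placeholder followed by a second placeholder on the same line. The host, driver version and query in the sample are constructed.

```python
import re
from urllib.parse import parse_qs

# First fixed patch release per 42.x minor series, from the "Fixed In Version" field above.
FIXED_PATCH = {7: 2, 6: 1, 5: 5, 4: 4, 3: 9, 2: 28}
# A '?' placeholder written directly after '-', with another '?' later on the same line.
RISKY_LINE = re.compile(r"-\?.*\?")

def is_fixed_version(version):
    """True if a pgjdbc version string (e.g. '42.2.28.jre7') is at or past its series' fix."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch = map(int, m.groups())
    if major != 42:
        return major > 42
    if minor in FIXED_PATCH:
        return patch >= FIXED_PATCH[minor]
    return minor > 7  # 42.8+ postdates the fix; older unlisted minors are treated as affected

def uses_simple_query_mode(jdbc_url, props=None):
    """True if preferQueryMode=simple is set in the JDBC URL query or in the properties dict."""
    values = parse_qs(jdbc_url.partition("?")[2]).get("preferQueryMode", [])
    if props and "preferQueryMode" in props:
        values.append(props["preferQueryMode"])
    return any(v.strip().lower() == "simple" for v in values)

def risky_placeholder_lines(sql):
    """1-based line numbers with the advisory's shape: a negated placeholder followed by another
    placeholder on the same line. Text alone cannot tell numeric from string parameters, or a
    '?' inside a string literal, so this check is deliberately conservative (may over-report)."""
    return [n for n, line in enumerate(sql.splitlines(), 1) if RISKY_LINE.search(line)]

def exposure(version, jdbc_url, sql, props=None):
    """Findings for each precondition; the advisory's injection needs all three to hold."""
    findings = []
    if not is_fixed_version(version):
        findings.append(f"driver {version} predates the fix")
    if uses_simple_query_mode(jdbc_url, props):
        findings.append("preferQueryMode=simple is in effect")
    lines = risky_placeholder_lines(sql)
    if lines:
        findings.append(f"risky placeholder pattern on line(s) {lines}")
    return findings

# Constructed sample (hypothetical host, old driver, simple mode via URL, risky query shape).
SAMPLE = exposure("42.6.0", "jdbc:postgresql://db.example/app?preferQueryMode=simple",
                  "SELECT id FROM accounts\nWHERE balance > -? AND owner = ?")
```

An empty findings list means at least one precondition is absent; the simplest remediation remains upgrading to the fixed release or leaving preferQueryMode at its default.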

Comment 1 Avinash Hanwate 2024-02-28 04:40:28 UTC
Created postgresql-jdbc tracking bugs for this issue:

Affects: fedora-all [bug 2266524]

Comment 7 errata-xmlrpc 2024-03-20 08:21:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:1435 https://access.redhat.com/errata/RHSA-2024:1435

Comment 8 errata-xmlrpc 2024-03-20 09:25:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:1436 https://access.redhat.com/errata/RHSA-2024:1436

Comment 14 errata-xmlrpc 2024-04-02 20:50:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:1649 https://access.redhat.com/errata/RHSA-2024:1649

Comment 15 errata-xmlrpc 2024-04-03 10:53:26 UTC
This issue has been addressed in the following products:

  Red Hat build of Quarkus 3.2.11

Via RHSA-2024:1662 https://access.redhat.com/errata/RHSA-2024:1662

Comment 16 errata-xmlrpc 2024-04-04 21:33:10 UTC
This issue has been addressed in the following products:

  RHEL-8 based Middleware Containers

Via RHSA-2024:1686 https://access.redhat.com/errata/RHSA-2024:1686

Comment 17 errata-xmlrpc 2024-04-22 10:59:35 UTC
This issue has been addressed in the following products:

  Red Hat build of Quarkus 2.13.9.SP2

Via RHSA-2024:1797 https://access.redhat.com/errata/RHSA-2024:1797

Comment 18 errata-xmlrpc 2024-04-23 14:25:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:1999 https://access.redhat.com/errata/RHSA-2024:1999

Comment 19 errata-xmlrpc 2024-04-30 16:55:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2024:2624 https://access.redhat.com/errata/RHSA-2024:2624

Comment 22 errata-xmlrpc 2024-05-23 06:30:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:3313 https://access.redhat.com/errata/RHSA-2024:3313

Comment 23 errata-xmlrpc 2024-06-24 01:38:48 UTC
This issue has been addressed in the following products:

  RHOSS-1.33-RHEL-8

Via RHSA-2024:4057 https://access.redhat.com/errata/RHSA-2024:4057

Comment 24 errata-xmlrpc 2024-07-08 13:53:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:4375 https://access.redhat.com/errata/RHSA-2024:4375

Comment 25 errata-xmlrpc 2024-07-09 08:48:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:4402 https://access.redhat.com/errata/RHSA-2024:4402

Comment 29 errata-xmlrpc 2024-07-25 19:26:20 UTC
This issue has been addressed in the following products:

  Red Hat build of Apache Camel 4.4.1 for Spring Boot

Via RHSA-2024:4884 https://access.redhat.com/errata/RHSA-2024:4884

Comment 30 errata-xmlrpc 2024-08-06 16:51:27 UTC
This issue has been addressed in the following products:

  RHINT Camel-K 1.10.7

Via RHSA-2024:5056 https://access.redhat.com/errata/RHSA-2024:5056

