SQL Injection Vulnerability in PostgreSQL JDBC Driver
CVE-2024-1597
Key Information:
- Vendor: Pgjdbc
- CVE Published: 19 February 2024
Summary
The PostgreSQL JDBC Driver (pgjdbc) has a critical SQL injection vulnerability (CVE-2024-1597) affecting versions 42.7.0, 42.6.0, 42.5.0, 42.4.0, 42.3.0, and older. When the driver's PreferQueryMode parameter is set to SIMPLE, attackers can inject SQL, potentially leading to unauthorized access, data leakage, or arbitrary code execution. PostgreSQL has released fixed versions of the driver, and affected users are strongly recommended to update to them. There are no known exploits by ransomware groups at this time.
Affected Version(s)
- pgjdbc < 42.7.2
- pgjdbc < 42.6.1
- pgjdbc < 42.5.5
News Articles
Was T-Mobile compromised by a zero-day in Jira? | Malwarebytes
IntelBroker is offering source code from major companies for sale. Are they demonstrating the value of a zero-day they are also selling?
7 months ago
SQL Injection Vulnerability (CVE-2024-1597) in Bamboo Data Center and Server Patched by Atlassian - OP INNOVATE
Atlassian has patched a critical vulnerability in Bamboo Data Center and Server, designated CVE-2024-1597, with a CVSS score of 10.0, indicating severe risk. This SQL injection flaw, linked to the org.postgresql:postgresql dependency, affects versions 8.2.1 through 9.5.0, allowing exploitation witho...
10 months ago
Timeline
- First article discovered by malware.news
- Vulnerability published
- Vulnerability reserved