Lucene search
Redhat.comRH:CVE-2024-1597HistoryFeb 28, 2024 - 8:10 a.m.
CVE-2024-1597
2024-02-2808:10:45
redhat.com
access.redhat.com
38
postgresql
jdbc driver
sql injection
connection property
mitigation
A flaw was found in the PostgreSQL JDBC Driver. A SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value.
Mitigation
Do not use the connection propertypreferQueryMode=simple. If you do not explicitly specify a query mode, then you are using the default of extended and are not impacted by this issue.
References
bugzilla.redhat.com/show_bug.cgi?id=2266523
github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56
nvd.nist.gov/vuln/detail/CVE-2024-1597
www.cve.org/CVERecord?id=CVE-2024-1597
www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/
www.enterprisedb.com/docs/security/assessments/cve-2024-1597/
Related
nessus
nessus
Oracle Linux 9 : postgresql-jdbc (ELSA-2024-1436)
2024-03-20 00:00:00
RHEL 8 : postgresql-jdbc : Security Update (Important) (RHSA-2024:2624)
2024-04-30 00:00:00
CentOS 8 : postgresql-jdbc (CESA-2024:1435)
2024-03-20 00:00:00
ibm
ibm
osv
osv
org.postgresql:postgresql vulnerable to SQL Injection via line comment generation
2024-02-21 23:33:43
BIT-postgresql-jdbc-driver-2024-1597
2024-03-12 08:33:54
Important: postgresql-jdbc security update
2024-03-20 00:00:00
almalinux
almalinux
Important: postgresql-jdbc security update
2024-03-20 00:00:00
Important: postgresql-jdbc security update
2024-03-20 00:00:00
oraclelinux
oraclelinux
postgresql-jdbc security update
2024-03-20 00:00:00
postgresql-jdbc security update
2024-03-20 00:00:00
ubuntucve
ubuntucve
CVE-2024-1597
2024-02-19 00:00:00
rocky
rocky
postgresql-jdbc security update
2024-05-10 14:32:42
postgresql-jdbc security update
2024-03-27 04:34:32
veracode
veracode
Sql Injection
2024-02-20 07:34:50
alpinelinux
alpinelinux
CVE-2024-1597
2024-02-19 13:15:07
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:0771-1)
2024-03-06 00:00:00
Fedora: Security Advisory for postgresql-jdbc (FEDORA-2024-ed884c3203)
2024-03-25 00:00:00
Debian: Security Advisory (DLA-3812-1)
2024-05-10 00:00:00
redhat
redhat
(RHSA-2024:1999) Important: postgresql-jdbc security update
2024-04-23 13:53:41
(RHSA-2024:1649) Important: postgresql-jdbc: security update
2024-04-02 20:05:30
(RHSA-2024:2624) Important: postgresql-jdbc : Security Update
2024-04-30 16:32:02
mageia
mageia
Updated postgresql-jdbc packages fix security vulnerability
2024-04-12 02:58:49
fedora
fedora
[SECURITY] Fedora 40 Update: postgresql-jdbc-42.7.3-1.fc40
2024-03-23 00:53:40
cve
cve
CVE-2024-1597
2024-02-19 13:15:07
wolfi
wolfi
CVE-2024-1597 vulnerabilities
2024-05-18 09:07:35
cvelist
cvelist
CVE-2024-1597 pgjdbc SQL Injection via line comment generation
2024-02-19 12:58:48
prion
prion
Sql injection
2024-02-19 13:15:00
atlassian
atlassian
debian
debian
[SECURITY] [DLA 3812-1] libpgjava security update
2024-05-09 22:17:36
cgr
cgr
CVE-2024-1597 vulnerabilities
2024-05-18 09:07:38
thn
thn
github
github
debiancve
debiancve
CVE-2024-1597
2024-02-19 13:15:07
hivepro
hivepro
Critical SQL Injection Vulnerability Discovered in Atlassian Bamboo
2024-03-23 02:06:59
f5
f5
K000139489 : PostgreSQL JDBC Driver vulnerability CVE-2024-1597
2024-05-02 00:00:00
qualysblog
qualysblog
Oracle Patch Update, April 2024 Security Update Review
2024-04-17 14:39:59
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00