2 matches found
CLSA-2025-1762243790 postgresql-jdbc: Fix of CVE-2024-1597
update to 42.2.28 - CVE-2024-1597: fix SQL injection in PostgreSQL JDBC simple query mode...
GHSA-24RP-Q3W6-VC56 org.postgresql:postgresql vulnerable to SQL Injection via line comment generation
Impact SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value. There is no vulnerability in the driver when using the default query mode. Users that do not overri...