CVE-2024-1597

Summary

CVE-2024-1597 is a vulnerability affecting the pgjdbc PostgreSQL JDBC Driver. If the PreferQueryMode is set to SIMPLE, an attacker can inject SQL code by constructing a malicious payload that includes a numeric value preceded by a minus and a string value. This issue allows the attacker to bypass the protections of parameterized queries, potentially leading to unauthorized data access or manipulation. Notably, this vulnerability only affects versions of pgjdbc prior to 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28. To avoid this vulnerability, it is recommended to update to a secure version or use the default query mode.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.