CVE-2024-1597
- Source
- https://cve.org/CVERecord?id=CVE-2024-1597
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-1597.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-1597
- Aliases
- Downstream
- Related
- Published
- 2024-02-19T13:15:07.740Z
- Modified
- 2026-02-02T21:34:30.102918Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected.
- References
-
- http://www.openwall.com/lists/oss-security/2024/04/02/6
- https://lists.debian.org/debian-lts-announce/2024/05/msg00007.html
- https://lists.debian.org/debian-lts-announce/2024/12/msg00017.html
- https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/
- https://security.netapp.com/advisory/ntap-20240419-0008/
- https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/
- https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/
- https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw/
Affected packages
Git / github.com/pgjdbc/pgjdbc
Affected ranges
- Type
- GIT
- Repo
- https://github.com/pgjdbc/pgjdbc
- Events
-
IntroducedFixedIntroducedFixedFixedIntroducedFixedIntroducedFixedIntroducedFixed
Affected versions
REL42.*
REL42.3.0
REL42.3.0-rc2
REL42.3.1
REL42.3.1-rc1
REL42.3.1-rc2
REL42.3.2
REL42.3.2-rc2
REL42.3.3
REL42.3.3-rc1
REL42.3.4
REL42.3.4-rc1
REL42.3.5
REL42.3.5-rc1
REL42.3.6
REL42.3.6-rc1
REL42.3.7
REL42.3.7-rc1
REL42.3.8
REL42.3.8-rc1
REL42.4.0
REL42.4.0-rc1
REL42.4.1
REL42.4.1-rc1
REL42.4.2
REL42.4.2-rc1
REL42.4.3
REL42.4.3-rc1
REL42.5.0
REL42.5.0-rc1
REL42.5.1
REL42.5.1-rc1
REL42.5.2
REL42.5.2-rc1
REL42.5.2-rc2
REL42.5.3
REL42.5.3-rc1
REL42.5.3-rc2
REL42.5.4
REL42.5.4-rc1
REL42.6.0
REL42.6.0-rc1
REL42.7.0
REL42.7.0-rc3
REL42.7.1
REL42.7.1-rc1
REL42.7.1-rc2
Database specific
vanir_signatures
[
{
"deprecated": false,
"id": "CVE-2024-1597-0b94fbad",
"digest": {
"function_hash": "326555595098098570554699247604453087821",
"length": 808.0
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/d93c74127f5aebda2baa8fcefed4f0b4dfe81d95",
"target": {
"function": "negateParameterWithContinuation",
"file": "pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-115b2601",
"digest": {
"function_hash": "232161859972874314153704317581836804045",
"length": 690.0
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/d93c74127f5aebda2baa8fcefed4f0b4dfe81d95",
"target": {
"function": "negateParameter",
"file": "pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-1773d92c",
"digest": {
"function_hash": "331584250147050604976538288516113356034",
"length": 2525.0
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/990d63f6be401ab40de5eb303a75924c9e71903c",
"target": {
"function": "toString",
"file": "pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-1fd0dba1",
"digest": {
"function_hash": "331584250147050604976538288516113356034",
"length": 2525.0
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/d368b1cc5fbfc9750151f87d78e12db97e13af0e",
"target": {
"function": "toString",
"file": "pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-26c29484",
"digest": {
"function_hash": "331584250147050604976538288516113356034",
"length": 2525.0
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/06abfb78a627277a580d4df825f210e96a4e14ee",
"target": {
"function": "toString",
"file": "pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-2a61a71a",
"digest": {
"function_hash": "276580665969963967615120549973081295540",
"length": 422.0
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/fe002b31f2c7dcf7e2fe75fe7fd18df4e4503abf",
"target": {
"function": "quoteAndCast",
"file": "pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-2e0e8842",
"digest": {
"function_hash": "266482421494970154880870211442343868005",
"length": 653.0
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/06abfb78a627277a580d4df825f210e96a4e14ee",
"target": {
"function": "negateParameter",
"file": "pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-3083b78d",
"digest": {
"function_hash": "326555595098098570554699247604453087821",
"length": 808.0
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/fe002b31f2c7dcf7e2fe75fe7fd18df4e4503abf",
"target": {
"function": "negateParameterWithContinuation",
"file": "pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-37b9e800",
"digest": {
"function_hash": "232161859972874314153704317581836804045",
"length": 690.0
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/fe002b31f2c7dcf7e2fe75fe7fd18df4e4503abf",
"target": {
"function": "negateParameter",
"file": "pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-403fed72",
"digest": {
"function_hash": "326555595098098570554699247604453087821",
"length": 808.0
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/d368b1cc5fbfc9750151f87d78e12db97e13af0e",
"target": {
"function": "negateParameterWithContinuation",
"file": "pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-4141a688",
"digest": {
"line_hashes": [
"61002821911237465839976133570847340600",
"309984681325856676476712854045500391500",
"158802443078110701668433419110123028565",
"7399282723992429190395385776153675622",
"253961556628851014169184613608646507194",
"232036816096794482420724904946431763933",
"20903786691889688273511149863323538245",
"140784282287643728107418476909339371116",
"151213061333024472177885930541474460150",
"280775969686930724088856015828055220708",
"323674589193457206204165744697796905407",
"73777040413273267212796127254849927080",
"20593486292471228226020037842477204486",
"72856660537407199443570530754235407743",
"191706597968872673793632431665749481884",
"86416172722297390761570837298218962017",
"149681871957510774933595935319295722894",
"217827682943526121598200736755380564454",
"118062670654507376095575612484636629519",
"20593486292471228226020037842477204486",
"215071946343330507052750141617215637395",
"57146985149213353314419220635491901498",
"104141559624599199481895315164917241770",
"124475669231848505249195556423355128808",
"24501234535006697431234705038672472381",
"301562847937220970637639551624339328921",
"244302395484316180032830825128273532106",
"239523799162185118610715828659798610080",
"137125984020239007554627684848878808892",
"325593835200545652079327045116383455853",
"315813190952861742529857866252137156351",
"200042703698059871187354157719461040335",
"179019958253867719237751319771125417999",
"119550859589849288841479929374296600019",
"73110663443345950270603025109605971090",
"174519456598480135123250597117769454119",
"86416172722297390761570837298218962017",
"190304974424883756140222180391206786025",
"253903697703851286435030683123081821124",
"315818317869194241093051572633994448171",
"179019958253867719237751319771125417999",
"119550859589849288841479929374296600019",
"268711487937460013276022413706179911087",
"299189199604237415528076995662750367371",
"104141559624599199481895315164917241770",
"124475669231848505249195556423355128808",
"108587633537507210242609878158511307392"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/06abfb78a627277a580d4df825f210e96a4e14ee",
"target": {
"file": "pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-4ba1e271",
"digest": {
"line_hashes": [
"61002821911237465839976133570847340600",
"309984681325856676476712854045500391500",
"158802443078110701668433419110123028565",
"7399282723992429190395385776153675622",
"253961556628851014169184613608646507194",
"232036816096794482420724904946431763933",
"20903786691889688273511149863323538245",
"140784282287643728107418476909339371116",
"151213061333024472177885930541474460150",
"280775969686930724088856015828055220708",
"323674589193457206204165744697796905407",
"73777040413273267212796127254849927080",
"20593486292471228226020037842477204486",
"309852565633488233782133960641629360489",
"312867317353626192224629012734279540332",
"230442682380592763546115345826551662312",
"287822028460380706656528440426879630375",
"217827682943526121598200736755380564454",
"118062670654507376095575612484636629519",
"20593486292471228226020037842477204486",
"251545240650640463821930463099316693990",
"313571358051619139186530161317060936191",
"46871823314265456266923110433621817943",
"21122737813376364848365344184749873113",
"24501234535006697431234705038672472381",
"301562847937220970637639551624339328921",
"244302395484316180032830825128273532106",
"239523799162185118610715828659798610080",
"137125984020239007554627684848878808892",
"325593835200545652079327045116383455853",
"315813190952861742529857866252137156351",
"200042703698059871187354157719461040335",
"179019958253867719237751319771125417999",
"119550859589849288841479929374296600019",
"73110663443345950270603025109605971090",
"174519456598480135123250597117769454119",
"86416172722297390761570837298218962017",
"190304974424883756140222180391206786025",
"253903697703851286435030683123081821124",
"315818317869194241093051572633994448171",
"179019958253867719237751319771125417999",
"119550859589849288841479929374296600019",
"268711487937460013276022413706179911087",
"299189199604237415528076995662750367371",
"104141559624599199481895315164917241770",
"124475669231848505249195556423355128808",
"108587633537507210242609878158511307392"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/990d63f6be401ab40de5eb303a75924c9e71903c",
"target": {
"file": "pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-5422253f",
"digest": {
"function_hash": "232161859972874314153704317581836804045",
"length": 690.0
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/475e3e2af3033c666fc1c0015159b35455118ae5",
"target": {
"function": "negateParameter",
"file": "pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-551fbae6",
"digest": {
"function_hash": "276580665969963967615120549973081295540",
"length": 422.0
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/990d63f6be401ab40de5eb303a75924c9e71903c",
"target": {
"function": "quoteAndCast",
"file": "pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-56096934",
"digest": {
"function_hash": "232161859972874314153704317581836804045",
"length": 690.0
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/d368b1cc5fbfc9750151f87d78e12db97e13af0e",
"target": {
"function": "negateParameter",
"file": "pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-56622c67",
"digest": {
"function_hash": "276580665969963967615120549973081295540",
"length": 422.0
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/d368b1cc5fbfc9750151f87d78e12db97e13af0e",
"target": {
"function": "quoteAndCast",
"file": "pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-61cef026",
"digest": {
"function_hash": "331584250147050604976538288516113356034",
"length": 2525.0
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/475e3e2af3033c666fc1c0015159b35455118ae5",
"target": {
"function": "toString",
"file": "pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-64db9f03",
"digest": {
"line_hashes": [
"158478561702712864879466846771136115447",
"6970768406876601008947057186295021223",
"212118402369114652908929503258255653280",
"337402738967881178201786406658851221699",
"260252284118955699471898594351129166437",
"20352164641634242602228688915030421339",
"51614055495995471122720772441534020107",
"40217388341010696257030416547348120878",
"189744351111698568895670933745477506184",
"124398168250955352196009194115407749781",
"289657807224701769167854460822684857696",
"123069840390387150564222222747993382914",
"61724939753363602082016648203591088531",
"199059472252514495681140072692917231945",
"129761425372485463371000735514151067093",
"202932652897682192656682227104309467042",
"197660576820149360757980856862908777359",
"61634749618020457889207992097489785042",
"74794940955490388728290656710551849506",
"325376069323932163892411324810699030960",
"225677200263657926831770774498051017145",
"318712119915131818271956636532569773910",
"71482478980676302415076176596844959365",
"137329380406977426883990377902828122700",
"185133110091574364871970513748533858256",
"20032651057696466222809103532563447987",
"238002740809657608742886116893309879890",
"91332205319729489601699425184208215609",
"275341064611312177152465608208800354201",
"136916004957773405579926079388870756773",
"127303441799482918989532609389156777750",
"200106938023952757408657585600321108349",
"27753664583670744124136091972389087013",
"273855398308723067587300988194372833297",
"32934108892471593614769592633224085049",
"111812010820934811618192685857279905204",
"122973367007768239949948079415914733404",
"304076529884383184299747230734699412202",
"36400476110046784272863041710548882612",
"120608321698240520407382492930783698095",
"103171194645540827143596727744834508649",
"127789663322200911132929338492609141419",
"101734967806369505025515195104975840001",
"75863454884207762375969001397860065247",
"337931562013878525513711014694677297806",
"222523003209639169375865500226641061463",
"214787850117125619482497421788496496272",
"173579571887007346157004578205777130606",
"121545080927543368867129563665988476691",
"114118115544149017009297728224383834855",
"21863395980395405337431498599430504884",
"335795291858953606479242522810527291939",
"318333934127046229949669666395697411844",
"109740850246568826034363701274238473478",
"38393686474214537166294268988289079534",
"167905660379826018629100957963684600582",
"194063904679847494648163819771584267235",
"157232519873003772800393775478968888063",
"53126485726082781061084209151558335074",
"338181214851900360349660378529351623689",
"214002312391881901546233112702726117957",
"73359393547232634719771209719606830206",
"190234382215541717899696293976547223123",
"137075572916898335840172632924815335420",
"232804748571853758226081080666987969434",
"66042671239510904908046935676640170198",
"131367879709823225352342919183621528774",
"178143172283229353755479407397476545197"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/475e3e2af3033c666fc1c0015159b35455118ae5",
"target": {
"file": "pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-684c6678",
"digest": {
"line_hashes": [
"158478561702712864879466846771136115447",
"6970768406876601008947057186295021223",
"212118402369114652908929503258255653280",
"337402738967881178201786406658851221699",
"260252284118955699471898594351129166437",
"20352164641634242602228688915030421339",
"51614055495995471122720772441534020107",
"40217388341010696257030416547348120878",
"189744351111698568895670933745477506184",
"124398168250955352196009194115407749781",
"289657807224701769167854460822684857696",
"123069840390387150564222222747993382914",
"61724939753363602082016648203591088531",
"199059472252514495681140072692917231945",
"129761425372485463371000735514151067093",
"202932652897682192656682227104309467042",
"197660576820149360757980856862908777359",
"61634749618020457889207992097489785042",
"74794940955490388728290656710551849506",
"325376069323932163892411324810699030960",
"225677200263657926831770774498051017145",
"318712119915131818271956636532569773910",
"71482478980676302415076176596844959365",
"137329380406977426883990377902828122700",
"185133110091574364871970513748533858256",
"20032651057696466222809103532563447987",
"238002740809657608742886116893309879890",
"91332205319729489601699425184208215609",
"275341064611312177152465608208800354201",
"136916004957773405579926079388870756773",
"127303441799482918989532609389156777750",
"200106938023952757408657585600321108349",
"27753664583670744124136091972389087013",
"273855398308723067587300988194372833297",
"32934108892471593614769592633224085049",
"111812010820934811618192685857279905204",
"122973367007768239949948079415914733404",
"304076529884383184299747230734699412202",
"36400476110046784272863041710548882612",
"120608321698240520407382492930783698095",
"103171194645540827143596727744834508649",
"127789663322200911132929338492609141419",
"101734967806369505025515195104975840001",
"75863454884207762375969001397860065247",
"337931562013878525513711014694677297806",
"222523003209639169375865500226641061463",
"214787850117125619482497421788496496272",
"173579571887007346157004578205777130606",
"121545080927543368867129563665988476691",
"114118115544149017009297728224383834855",
"21863395980395405337431498599430504884",
"335795291858953606479242522810527291939",
"318333934127046229949669666395697411844",
"109740850246568826034363701274238473478",
"38393686474214537166294268988289079534",
"167905660379826018629100957963684600582",
"194063904679847494648163819771584267235",
"157232519873003772800393775478968888063",
"53126485726082781061084209151558335074",
"338181214851900360349660378529351623689",
"214002312391881901546233112702726117957",
"73359393547232634719771209719606830206",
"190234382215541717899696293976547223123",
"137075572916898335840172632924815335420",
"232804748571853758226081080666987969434",
"66042671239510904908046935676640170198",
"131367879709823225352342919183621528774",
"178143172283229353755479407397476545197"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/fe002b31f2c7dcf7e2fe75fe7fd18df4e4503abf",
"target": {
"file": "pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-698ffb44",
"digest": {
"function_hash": "326555595098098570554699247604453087821",
"length": 808.0
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/990d63f6be401ab40de5eb303a75924c9e71903c",
"target": {
"function": "negateParameterWithContinuation",
"file": "pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-73a84b0a",
"digest": {
"function_hash": "326555595098098570554699247604453087821",
"length": 808.0
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/06abfb78a627277a580d4df825f210e96a4e14ee",
"target": {
"function": "negateParameterWithContinuation",
"file": "pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-754e64e6",
"digest": {
"line_hashes": [
"61002821911237465839976133570847340600",
"309984681325856676476712854045500391500",
"158802443078110701668433419110123028565",
"7399282723992429190395385776153675622",
"253961556628851014169184613608646507194",
"232036816096794482420724904946431763933",
"20903786691889688273511149863323538245",
"140784282287643728107418476909339371116",
"151213061333024472177885930541474460150",
"280775969686930724088856015828055220708",
"323674589193457206204165744697796905407",
"73777040413273267212796127254849927080",
"20593486292471228226020037842477204486",
"309852565633488233782133960641629360489",
"312867317353626192224629012734279540332",
"230442682380592763546115345826551662312",
"287822028460380706656528440426879630375",
"217827682943526121598200736755380564454",
"118062670654507376095575612484636629519",
"20593486292471228226020037842477204486",
"251545240650640463821930463099316693990",
"313571358051619139186530161317060936191",
"46871823314265456266923110433621817943",
"21122737813376364848365344184749873113",
"24501234535006697431234705038672472381",
"301562847937220970637639551624339328921",
"244302395484316180032830825128273532106",
"239523799162185118610715828659798610080",
"137125984020239007554627684848878808892",
"325593835200545652079327045116383455853",
"315813190952861742529857866252137156351",
"200042703698059871187354157719461040335",
"179019958253867719237751319771125417999",
"119550859589849288841479929374296600019",
"73110663443345950270603025109605971090",
"174519456598480135123250597117769454119",
"86416172722297390761570837298218962017",
"190304974424883756140222180391206786025",
"253903697703851286435030683123081821124",
"315818317869194241093051572633994448171",
"179019958253867719237751319771125417999",
"119550859589849288841479929374296600019",
"268711487937460013276022413706179911087",
"299189199604237415528076995662750367371",
"104141559624599199481895315164917241770",
"124475669231848505249195556423355128808",
"108587633537507210242609878158511307392"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/d368b1cc5fbfc9750151f87d78e12db97e13af0e",
"target": {
"file": "pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-756a5da8",
"digest": {
"function_hash": "331584250147050604976538288516113356034",
"length": 2525.0
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/fe002b31f2c7dcf7e2fe75fe7fd18df4e4503abf",
"target": {
"function": "toString",
"file": "pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-83f6278f",
"digest": {
"function_hash": "326555595098098570554699247604453087821",
"length": 808.0
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/475e3e2af3033c666fc1c0015159b35455118ae5",
"target": {
"function": "negateParameterWithContinuation",
"file": "pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-89ecfeef",
"digest": {
"line_hashes": [
"61002821911237465839976133570847340600",
"309984681325856676476712854045500391500",
"158802443078110701668433419110123028565",
"7399282723992429190395385776153675622",
"253961556628851014169184613608646507194",
"232036816096794482420724904946431763933",
"20903786691889688273511149863323538245",
"140784282287643728107418476909339371116",
"151213061333024472177885930541474460150",
"280775969686930724088856015828055220708",
"323674589193457206204165744697796905407",
"73777040413273267212796127254849927080",
"20593486292471228226020037842477204486",
"309852565633488233782133960641629360489",
"312867317353626192224629012734279540332",
"230442682380592763546115345826551662312",
"287822028460380706656528440426879630375",
"217827682943526121598200736755380564454",
"118062670654507376095575612484636629519",
"20593486292471228226020037842477204486",
"251545240650640463821930463099316693990",
"313571358051619139186530161317060936191",
"46871823314265456266923110433621817943",
"21122737813376364848365344184749873113",
"24501234535006697431234705038672472381",
"301562847937220970637639551624339328921",
"244302395484316180032830825128273532106",
"239523799162185118610715828659798610080",
"137125984020239007554627684848878808892",
"325593835200545652079327045116383455853",
"315813190952861742529857866252137156351",
"200042703698059871187354157719461040335",
"179019958253867719237751319771125417999",
"119550859589849288841479929374296600019",
"73110663443345950270603025109605971090",
"174519456598480135123250597117769454119",
"86416172722297390761570837298218962017",
"190304974424883756140222180391206786025",
"253903697703851286435030683123081821124",
"315818317869194241093051572633994448171",
"179019958253867719237751319771125417999",
"119550859589849288841479929374296600019",
"268711487937460013276022413706179911087",
"299189199604237415528076995662750367371",
"104141559624599199481895315164917241770",
"124475669231848505249195556423355128808",
"108587633537507210242609878158511307392"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/475e3e2af3033c666fc1c0015159b35455118ae5",
"target": {
"file": "pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-94f6dc04",
"digest": {
"line_hashes": [
"158478561702712864879466846771136115447",
"6970768406876601008947057186295021223",
"212118402369114652908929503258255653280",
"337402738967881178201786406658851221699",
"260252284118955699471898594351129166437",
"20352164641634242602228688915030421339",
"51614055495995471122720772441534020107",
"40217388341010696257030416547348120878",
"189744351111698568895670933745477506184",
"124398168250955352196009194115407749781",
"289657807224701769167854460822684857696",
"123069840390387150564222222747993382914",
"61724939753363602082016648203591088531",
"199059472252514495681140072692917231945",
"129761425372485463371000735514151067093",
"202932652897682192656682227104309467042",
"197660576820149360757980856862908777359",
"61634749618020457889207992097489785042",
"74794940955490388728290656710551849506",
"325376069323932163892411324810699030960",
"225677200263657926831770774498051017145",
"318712119915131818271956636532569773910",
"71482478980676302415076176596844959365",
"137329380406977426883990377902828122700",
"185133110091574364871970513748533858256",
"20032651057696466222809103532563447987",
"238002740809657608742886116893309879890",
"91332205319729489601699425184208215609",
"275341064611312177152465608208800354201",
"136916004957773405579926079388870756773",
"127303441799482918989532609389156777750",
"200106938023952757408657585600321108349",
"27753664583670744124136091972389087013",
"273855398308723067587300988194372833297",
"32934108892471593614769592633224085049",
"111812010820934811618192685857279905204",
"122973367007768239949948079415914733404",
"304076529884383184299747230734699412202",
"36400476110046784272863041710548882612",
"120608321698240520407382492930783698095",
"103171194645540827143596727744834508649",
"127789663322200911132929338492609141419",
"101734967806369505025515195104975840001",
"75863454884207762375969001397860065247",
"337931562013878525513711014694677297806",
"222523003209639169375865500226641061463",
"214787850117125619482497421788496496272",
"173579571887007346157004578205777130606",
"121545080927543368867129563665988476691",
"114118115544149017009297728224383834855",
"21863395980395405337431498599430504884",
"335795291858953606479242522810527291939",
"318333934127046229949669666395697411844",
"109740850246568826034363701274238473478",
"38393686474214537166294268988289079534",
"167905660379826018629100957963684600582",
"194063904679847494648163819771584267235",
"157232519873003772800393775478968888063",
"53126485726082781061084209151558335074",
"338181214851900360349660378529351623689",
"214002312391881901546233112702726117957",
"73359393547232634719771209719606830206",
"190234382215541717899696293976547223123",
"137075572916898335840172632924815335420",
"232804748571853758226081080666987969434",
"66042671239510904908046935676640170198",
"131367879709823225352342919183621528774",
"178143172283229353755479407397476545197"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/06abfb78a627277a580d4df825f210e96a4e14ee",
"target": {
"file": "pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-ac5c1df2",
"digest": {
"function_hash": "276580665969963967615120549973081295540",
"length": 422.0
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/d93c74127f5aebda2baa8fcefed4f0b4dfe81d95",
"target": {
"function": "quoteAndCast",
"file": "pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-b5d4698b",
"digest": {
"function_hash": "232161859972874314153704317581836804045",
"length": 690.0
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/990d63f6be401ab40de5eb303a75924c9e71903c",
"target": {
"function": "negateParameter",
"file": "pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-ba4f4aba",
"digest": {
"function_hash": "276580665969963967615120549973081295540",
"length": 422.0
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/475e3e2af3033c666fc1c0015159b35455118ae5",
"target": {
"function": "quoteAndCast",
"file": "pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-c9b35cfc",
"digest": {
"function_hash": "331584250147050604976538288516113356034",
"length": 2525.0
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/d93c74127f5aebda2baa8fcefed4f0b4dfe81d95",
"target": {
"function": "toString",
"file": "pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-d0ad8351",
"digest": {
"line_hashes": [
"61002821911237465839976133570847340600",
"309984681325856676476712854045500391500",
"158802443078110701668433419110123028565",
"7399282723992429190395385776153675622",
"253961556628851014169184613608646507194",
"232036816096794482420724904946431763933",
"20903786691889688273511149863323538245",
"140784282287643728107418476909339371116",
"151213061333024472177885930541474460150",
"280775969686930724088856015828055220708",
"323674589193457206204165744697796905407",
"73777040413273267212796127254849927080",
"20593486292471228226020037842477204486",
"309852565633488233782133960641629360489",
"312867317353626192224629012734279540332",
"230442682380592763546115345826551662312",
"287822028460380706656528440426879630375",
"217827682943526121598200736755380564454",
"118062670654507376095575612484636629519",
"20593486292471228226020037842477204486",
"251545240650640463821930463099316693990",
"313571358051619139186530161317060936191",
"46871823314265456266923110433621817943",
"21122737813376364848365344184749873113",
"24501234535006697431234705038672472381",
"301562847937220970637639551624339328921",
"244302395484316180032830825128273532106",
"239523799162185118610715828659798610080",
"137125984020239007554627684848878808892",
"325593835200545652079327045116383455853",
"315813190952861742529857866252137156351",
"200042703698059871187354157719461040335",
"179019958253867719237751319771125417999",
"119550859589849288841479929374296600019",
"73110663443345950270603025109605971090",
"174519456598480135123250597117769454119",
"86416172722297390761570837298218962017",
"190304974424883756140222180391206786025",
"253903697703851286435030683123081821124",
"315818317869194241093051572633994448171",
"179019958253867719237751319771125417999",
"119550859589849288841479929374296600019",
"268711487937460013276022413706179911087",
"299189199604237415528076995662750367371",
"104141559624599199481895315164917241770",
"124475669231848505249195556423355128808",
"108587633537507210242609878158511307392"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/fe002b31f2c7dcf7e2fe75fe7fd18df4e4503abf",
"target": {
"file": "pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-d550fd59",
"digest": {
"line_hashes": [
"158478561702712864879466846771136115447",
"6970768406876601008947057186295021223",
"212118402369114652908929503258255653280",
"337402738967881178201786406658851221699",
"260252284118955699471898594351129166437",
"20352164641634242602228688915030421339",
"51614055495995471122720772441534020107",
"40217388341010696257030416547348120878",
"189744351111698568895670933745477506184",
"124398168250955352196009194115407749781",
"289657807224701769167854460822684857696",
"123069840390387150564222222747993382914",
"61724939753363602082016648203591088531",
"199059472252514495681140072692917231945",
"129761425372485463371000735514151067093",
"202932652897682192656682227104309467042",
"197660576820149360757980856862908777359",
"61634749618020457889207992097489785042",
"74794940955490388728290656710551849506",
"325376069323932163892411324810699030960",
"225677200263657926831770774498051017145",
"318712119915131818271956636532569773910",
"71482478980676302415076176596844959365",
"137329380406977426883990377902828122700",
"185133110091574364871970513748533858256",
"20032651057696466222809103532563447987",
"238002740809657608742886116893309879890",
"91332205319729489601699425184208215609",
"275341064611312177152465608208800354201",
"136916004957773405579926079388870756773",
"127303441799482918989532609389156777750",
"200106938023952757408657585600321108349",
"27753664583670744124136091972389087013",
"273855398308723067587300988194372833297",
"32934108892471593614769592633224085049",
"111812010820934811618192685857279905204",
"122973367007768239949948079415914733404",
"304076529884383184299747230734699412202",
"36400476110046784272863041710548882612",
"120608321698240520407382492930783698095",
"103171194645540827143596727744834508649",
"127789663322200911132929338492609141419",
"101734967806369505025515195104975840001",
"75863454884207762375969001397860065247",
"337931562013878525513711014694677297806",
"222523003209639169375865500226641061463",
"214787850117125619482497421788496496272",
"173579571887007346157004578205777130606",
"121545080927543368867129563665988476691",
"114118115544149017009297728224383834855",
"21863395980395405337431498599430504884",
"335795291858953606479242522810527291939",
"318333934127046229949669666395697411844",
"109740850246568826034363701274238473478",
"38393686474214537166294268988289079534",
"167905660379826018629100957963684600582",
"194063904679847494648163819771584267235",
"157232519873003772800393775478968888063",
"53126485726082781061084209151558335074",
"338181214851900360349660378529351623689",
"214002312391881901546233112702726117957",
"73359393547232634719771209719606830206",
"190234382215541717899696293976547223123",
"137075572916898335840172632924815335420",
"232804748571853758226081080666987969434",
"66042671239510904908046935676640170198",
"131367879709823225352342919183621528774",
"178143172283229353755479407397476545197"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/d368b1cc5fbfc9750151f87d78e12db97e13af0e",
"target": {
"file": "pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-eb78c36a",
"digest": {
"function_hash": "276580665969963967615120549973081295540",
"length": 422.0
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/06abfb78a627277a580d4df825f210e96a4e14ee",
"target": {
"function": "quoteAndCast",
"file": "pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-ebd60dff",
"digest": {
"line_hashes": [
"61002821911237465839976133570847340600",
"309984681325856676476712854045500391500",
"158802443078110701668433419110123028565",
"7399282723992429190395385776153675622",
"253961556628851014169184613608646507194",
"232036816096794482420724904946431763933",
"20903786691889688273511149863323538245",
"140784282287643728107418476909339371116",
"151213061333024472177885930541474460150",
"280775969686930724088856015828055220708",
"323674589193457206204165744697796905407",
"73777040413273267212796127254849927080",
"20593486292471228226020037842477204486",
"309852565633488233782133960641629360489",
"312867317353626192224629012734279540332",
"230442682380592763546115345826551662312",
"287822028460380706656528440426879630375",
"217827682943526121598200736755380564454",
"118062670654507376095575612484636629519",
"20593486292471228226020037842477204486",
"251545240650640463821930463099316693990",
"313571358051619139186530161317060936191",
"46871823314265456266923110433621817943",
"21122737813376364848365344184749873113",
"24501234535006697431234705038672472381",
"301562847937220970637639551624339328921",
"244302395484316180032830825128273532106",
"239523799162185118610715828659798610080",
"137125984020239007554627684848878808892",
"325593835200545652079327045116383455853",
"315813190952861742529857866252137156351",
"200042703698059871187354157719461040335",
"179019958253867719237751319771125417999",
"119550859589849288841479929374296600019",
"73110663443345950270603025109605971090",
"174519456598480135123250597117769454119",
"86416172722297390761570837298218962017",
"190304974424883756140222180391206786025",
"253903697703851286435030683123081821124",
"315818317869194241093051572633994448171",
"179019958253867719237751319771125417999",
"119550859589849288841479929374296600019",
"268711487937460013276022413706179911087",
"299189199604237415528076995662750367371",
"104141559624599199481895315164917241770",
"124475669231848505249195556423355128808",
"108587633537507210242609878158511307392"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/d93c74127f5aebda2baa8fcefed4f0b4dfe81d95",
"target": {
"file": "pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-fa47aef5",
"digest": {
"line_hashes": [
"158478561702712864879466846771136115447",
"6970768406876601008947057186295021223",
"212118402369114652908929503258255653280",
"337402738967881178201786406658851221699",
"260252284118955699471898594351129166437",
"20352164641634242602228688915030421339",
"51614055495995471122720772441534020107",
"40217388341010696257030416547348120878",
"189744351111698568895670933745477506184",
"124398168250955352196009194115407749781",
"289657807224701769167854460822684857696",
"123069840390387150564222222747993382914",
"61724939753363602082016648203591088531",
"199059472252514495681140072692917231945",
"129761425372485463371000735514151067093",
"202932652897682192656682227104309467042",
"197660576820149360757980856862908777359",
"61634749618020457889207992097489785042",
"74794940955490388728290656710551849506",
"325376069323932163892411324810699030960",
"225677200263657926831770774498051017145",
"318712119915131818271956636532569773910",
"71482478980676302415076176596844959365",
"137329380406977426883990377902828122700",
"185133110091574364871970513748533858256",
"20032651057696466222809103532563447987",
"238002740809657608742886116893309879890",
"91332205319729489601699425184208215609",
"275341064611312177152465608208800354201",
"136916004957773405579926079388870756773",
"127303441799482918989532609389156777750",
"200106938023952757408657585600321108349",
"27753664583670744124136091972389087013",
"273855398308723067587300988194372833297",
"32934108892471593614769592633224085049",
"111812010820934811618192685857279905204",
"122973367007768239949948079415914733404",
"304076529884383184299747230734699412202",
"36400476110046784272863041710548882612",
"120608321698240520407382492930783698095",
"103171194645540827143596727744834508649",
"127789663322200911132929338492609141419",
"101734967806369505025515195104975840001",
"75863454884207762375969001397860065247",
"337931562013878525513711014694677297806",
"222523003209639169375865500226641061463",
"214787850117125619482497421788496496272",
"173579571887007346157004578205777130606",
"121545080927543368867129563665988476691",
"114118115544149017009297728224383834855",
"21863395980395405337431498599430504884",
"335795291858953606479242522810527291939",
"318333934127046229949669666395697411844",
"109740850246568826034363701274238473478",
"38393686474214537166294268988289079534",
"167905660379826018629100957963684600582",
"194063904679847494648163819771584267235",
"157232519873003772800393775478968888063",
"53126485726082781061084209151558335074",
"338181214851900360349660378529351623689",
"214002312391881901546233112702726117957",
"73359393547232634719771209719606830206",
"190234382215541717899696293976547223123",
"137075572916898335840172632924815335420",
"232804748571853758226081080666987969434",
"66042671239510904908046935676640170198",
"131367879709823225352342919183621528774",
"178143172283229353755479407397476545197"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/990d63f6be401ab40de5eb303a75924c9e71903c",
"target": {
"file": "pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-1597-fc71e42d",
"digest": {
"line_hashes": [
"158478561702712864879466846771136115447",
"6970768406876601008947057186295021223",
"212118402369114652908929503258255653280",
"337402738967881178201786406658851221699",
"260252284118955699471898594351129166437",
"20352164641634242602228688915030421339",
"51614055495995471122720772441534020107",
"40217388341010696257030416547348120878",
"189744351111698568895670933745477506184",
"124398168250955352196009194115407749781",
"289657807224701769167854460822684857696",
"123069840390387150564222222747993382914",
"61724939753363602082016648203591088531",
"199059472252514495681140072692917231945",
"129761425372485463371000735514151067093",
"202932652897682192656682227104309467042",
"197660576820149360757980856862908777359",
"61634749618020457889207992097489785042",
"74794940955490388728290656710551849506",
"325376069323932163892411324810699030960",
"225677200263657926831770774498051017145",
"318712119915131818271956636532569773910",
"71482478980676302415076176596844959365",
"137329380406977426883990377902828122700",
"185133110091574364871970513748533858256",
"20032651057696466222809103532563447987",
"238002740809657608742886116893309879890",
"91332205319729489601699425184208215609",
"275341064611312177152465608208800354201",
"136916004957773405579926079388870756773",
"127303441799482918989532609389156777750",
"200106938023952757408657585600321108349",
"27753664583670744124136091972389087013",
"273855398308723067587300988194372833297",
"32934108892471593614769592633224085049",
"111812010820934811618192685857279905204",
"122973367007768239949948079415914733404",
"304076529884383184299747230734699412202",
"36400476110046784272863041710548882612",
"120608321698240520407382492930783698095",
"103171194645540827143596727744834508649",
"127789663322200911132929338492609141419",
"101734967806369505025515195104975840001",
"75863454884207762375969001397860065247",
"337931562013878525513711014694677297806",
"222523003209639169375865500226641061463",
"214787850117125619482497421788496496272",
"173579571887007346157004578205777130606",
"121545080927543368867129563665988476691",
"114118115544149017009297728224383834855",
"21863395980395405337431498599430504884",
"335795291858953606479242522810527291939",
"318333934127046229949669666395697411844",
"109740850246568826034363701274238473478",
"38393686474214537166294268988289079534",
"167905660379826018629100957963684600582",
"194063904679847494648163819771584267235",
"157232519873003772800393775478968888063",
"53126485726082781061084209151558335074",
"338181214851900360349660378529351623689",
"214002312391881901546233112702726117957",
"73359393547232634719771209719606830206",
"190234382215541717899696293976547223123",
"137075572916898335840172632924815335420",
"232804748571853758226081080666987969434",
"66042671239510904908046935676640170198",
"131367879709823225352342919183621528774",
"178143172283229353755479407397476545197"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/pgjdbc/pgjdbc/commit/d93c74127f5aebda2baa8fcefed4f0b4dfe81d95",
"target": {
"file": "pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"
}
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-1597.json"