CVE-2024-1597: PostgreSQL pgjdbc: SQL injection in non-default configuration

CVE-2024-1597: PostgreSQL pgjdbc: SQL injection in non-default configuration

Open Source Security [[{„value“:“

Posted by daniel on Apr 02

###
## Summary
###
On the 21st of February 2024 a security advisory for the JDBC driver of
PosgreSQL was published [1].
Which states: „SQL injection is possible when using the non-default
connection property preferQueryMode=simple in combination with
application code that has a vulnerable SQL that negates a parameter value.“
Corresponding fixes were published at the 19th of February 2024.

###
## Severity
###
The severity…
„}]] Read More 

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert