{"id":"CVE-2024-1597","details":"pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected.","aliases":["BIT-postgresql-jdbc-driver-2024-1597","GHSA-24rp-q3w6-vc56"],"modified":"2026-04-16T04:30:46.053163521Z","published":"2024-02-19T13:15:07.740Z","related":["ALSA-2024:1435","ALSA-2024:1436","CGA-4m3q-q259-cf3q","GHSA-24rp-q3w6-vc56","SUSE-SU-2024:0769-1","SUSE-SU-2024:0771-1","SUSE-SU-2024:0773-1","openSUSE-SU-2024:13734-1"],"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/04/02/6"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/05/msg00007.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00017.html"},{"type":"ADVISORY","url":"https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240419-0008/"},{"type":"ADVISORY","url":"https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/"},{"type":"ADVISORY","url":"https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/"},{"type":"ARTICLE","url":"https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pgjdbc/pgjdbc","events":[{"introduced":"0"},{"fixed":"990d63f6be401ab40de5eb303a75924c9e71903c"},{"introduced":"6d93eb817f334b383d2c8716a50d8c1255e24236"},{"fixed":"d93c74127f5aebda2baa8fcefed4f0b4dfe81d95"},{"introduced":"09166bdf724b9a869520a75bfd44716b7af8db2d"},{"fixed":"fe002b31f2c7dcf7e2fe75fe7fd18df4e4503abf"},{"introduced":"f490edf94bddc103c291b9429f8a63275d64e4ea"},{"fixed":"475e3e2af3033c666fc1c0015159b35455118ae5"},{"introduced":"d6a0cc2babc5e5a4cef0a8eafd1b36198d8e3873"},{"fixed":"d368b1cc5fbfc9750151f87d78e12db97e13af0e"},{"introduced":"1566eed0caeb26108f9df1d28255538767b7676f"},{"fixed":"06abfb78a627277a580d4df825f210e96a4e14ee"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"42.2.28"},{"introduced":"42.3.0"},{"fixed":"42.3.9"},{"introduced":"42.4.0"},{"fixed":"42.4.4"},{"introduced":"42.5.0"},{"fixed":"42.5.5"},{"introduced":"42.6.0"},{"fixed":"42.6.1"},{"introduced":"42.7.0"},{"fixed":"42.7.2"}]}}],"versions":["REL42.0.0","REL42.1.0","REL42.1.1","REL42.1.2","REL42.1.3","REL42.1.4","REL42.2.0","REL42.2.1","REL42.2.10","REL42.2.11","REL42.2.12","REL42.2.13","REL42.2.14","REL42.2.14-rc1","REL42.2.15","REL42.2.15-rc1","REL42.2.15-rc2","REL42.2.16","REL42.2.16-rc2","REL42.2.17","REL42.2.17-rc1","REL42.2.18","REL42.2.18-rc1","REL42.2.19","REL42.2.19-rc1","REL42.2.19-rc2","REL42.2.2","REL42.2.20","REL42.2.20-rc1","REL42.2.20-rc2","REL42.2.21","REL42.2.21-rc1","REL42.2.21-rc2","REL42.2.22","REL42.2.22-rc1","REL42.2.23","REL42.2.23-rc1","REL42.2.23-rc3","REL42.2.23-rc4","REL42.2.23-rc5","REL42.2.23-rc6","REL42.2.24","REL42.2.24-rc1","REL42.2.24-rc2","REL42.2.25","REL42.2.25-rc1","REL42.2.26","REL42.2.26-rc1","REL42.2.26-rc2","REL42.2.27","REL42.2.27-rc1","REL42.2.3","REL42.2.4","REL42.2.5","REL42.2.6","REL42.2.7","REL42.2.8","REL42.2.9","REL42.3.0","REL42.3.0-rc1","REL42.3.0-rc2","REL42.3.1","REL42.3.1-rc1","REL42.3.1-rc2","REL42.3.2","REL42.3.2-rc2","REL42.3.3","REL42.3.3-rc1","REL42.3.4","REL42.3.4-rc1","REL42.3.5","REL42.3.5-rc1","REL42.3.6","REL42.3.6-rc1","REL42.3.7","REL42.3.7-rc1","REL42.3.8","REL42.3.8-rc1","REL42.4.0","REL42.4.0-rc1","REL42.4.1","REL42.4.1-rc1","REL42.4.2","REL42.4.2-rc1","REL42.4.3","REL42.4.3-rc1","REL42.5.0","REL42.5.0-rc1","REL42.5.1","REL42.5.1-rc1","REL42.5.2","REL42.5.2-rc1","REL42.5.2-rc2","REL42.5.3","REL42.5.3-rc1","REL42.5.3-rc2","REL42.5.4","REL42.5.4-rc1","REL42.6.0","REL42.6.0-rc1","REL42.7.0","REL42.7.0-rc3","REL42.7.1","REL42.7.1-rc1","REL42.7.1-rc2","REL6_5","REL7_0","REL7_1","REL7_1_BETA","REL7_1_BETA2","REL7_1_BETA3","REL7_2","REL7_2_3","REL7_2_4","REL7_2_BETA1","REL7_2_BETA2","REL7_2_BETA3","REL7_2_BETA4","REL7_2_BETA5","REL7_2_RC1","REL7_2_RC2","REL7_4_BETA1","REL7_4_BETA2","REL7_4_BETA3","REL7_4_BETA4","REL7_4_BETA5","REL7_4_RC1","REL7_4_RC2","REL8_0_309","REL8_1_404","REL8_2_504","REL8_3_603","REL8_4_701","REL9.4.1207","REL9.4.1208","REL9.4.1209","REL9.4.1210","REL9.4.1211","REL9.4.1212","REL9_0_801","REL9_3_1100","REL9_4_1201","REL9_4_1203","REL9_4_1204","REL9_4_1205","REL9_4_1206","release-6-3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-1597.json","vanir_signatures":[{"signature_version":"v1","target":{"function":"negateParameterWithContinuation","file":"pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"},"source":"https://github.com/pgjdbc/pgjdbc/commit/d93c74127f5aebda2baa8fcefed4f0b4dfe81d95","signature_type":"Function","id":"CVE-2024-1597-0b94fbad","digest":{"function_hash":"326555595098098570554699247604453087821","length":808},"deprecated":false},{"signature_version":"v1","target":{"function":"negateParameter","file":"pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"},"source":"https://github.com/pgjdbc/pgjdbc/commit/d93c74127f5aebda2baa8fcefed4f0b4dfe81d95","signature_type":"Function","id":"CVE-2024-1597-115b2601","digest":{"function_hash":"232161859972874314153704317581836804045","length":690},"deprecated":false},{"signature_version":"v1","signature_type":"Function","source":"https://github.com/pgjdbc/pgjdbc/commit/990d63f6be401ab40de5eb303a75924c9e71903c","target":{"function":"toString","file":"pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"},"id":"CVE-2024-1597-1773d92c","digest":{"function_hash":"331584250147050604976538288516113356034","length":2525},"deprecated":false},{"signature_version":"v1","target":{"file":"pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java","function":"toString"},"source":"https://github.com/pgjdbc/pgjdbc/commit/d368b1cc5fbfc9750151f87d78e12db97e13af0e","signature_type":"Function","id":"CVE-2024-1597-1fd0dba1","digest":{"function_hash":"331584250147050604976538288516113356034","length":2525},"deprecated":false},{"signature_version":"v1","signature_type":"Function","source":"https://github.com/pgjdbc/pgjdbc/commit/06abfb78a627277a580d4df825f210e96a4e14ee","target":{"function":"toString","file":"pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"},"id":"CVE-2024-1597-26c29484","digest":{"function_hash":"331584250147050604976538288516113356034","length":2525},"deprecated":false},{"deprecated":false,"target":{"function":"quoteAndCast","file":"pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"},"source":"https://github.com/pgjdbc/pgjdbc/commit/fe002b31f2c7dcf7e2fe75fe7fd18df4e4503abf","signature_type":"Function","id":"CVE-2024-1597-2a61a71a","digest":{"function_hash":"276580665969963967615120549973081295540","length":422},"signature_version":"v1"},{"signature_version":"v1","target":{"function":"negateParameter","file":"pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"},"source":"https://github.com/pgjdbc/pgjdbc/commit/06abfb78a627277a580d4df825f210e96a4e14ee","signature_type":"Function","id":"CVE-2024-1597-2e0e8842","digest":{"function_hash":"266482421494970154880870211442343868005","length":653},"deprecated":false},{"signature_version":"v1","target":{"function":"negateParameterWithContinuation","file":"pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"},"source":"https://github.com/pgjdbc/pgjdbc/commit/fe002b31f2c7dcf7e2fe75fe7fd18df4e4503abf","signature_type":"Function","id":"CVE-2024-1597-3083b78d","digest":{"function_hash":"326555595098098570554699247604453087821","length":808},"deprecated":false},{"signature_version":"v1","signature_type":"Function","source":"https://github.com/pgjdbc/pgjdbc/commit/fe002b31f2c7dcf7e2fe75fe7fd18df4e4503abf","target":{"function":"negateParameter","file":"pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"},"id":"CVE-2024-1597-37b9e800","digest":{"function_hash":"232161859972874314153704317581836804045","length":690},"deprecated":false},{"deprecated":false,"target":{"function":"negateParameterWithContinuation","file":"pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"},"source":"https://github.com/pgjdbc/pgjdbc/commit/d368b1cc5fbfc9750151f87d78e12db97e13af0e","signature_type":"Function","id":"CVE-2024-1597-403fed72","digest":{"function_hash":"326555595098098570554699247604453087821","length":808},"signature_version":"v1"},{"signature_version":"v1","target":{"file":"pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"},"source":"https://github.com/pgjdbc/pgjdbc/commit/06abfb78a627277a580d4df825f210e96a4e14ee","signature_type":"Line","id":"CVE-2024-1597-4141a688","digest":{"threshold":0.9,"line_hashes":["61002821911237465839976133570847340600","309984681325856676476712854045500391500","158802443078110701668433419110123028565","7399282723992429190395385776153675622","253961556628851014169184613608646507194","232036816096794482420724904946431763933","20903786691889688273511149863323538245","140784282287643728107418476909339371116","151213061333024472177885930541474460150","280775969686930724088856015828055220708","323674589193457206204165744697796905407","73777040413273267212796127254849927080","20593486292471228226020037842477204486","72856660537407199443570530754235407743","191706597968872673793632431665749481884","86416172722297390761570837298218962017","149681871957510774933595935319295722894","217827682943526121598200736755380564454","118062670654507376095575612484636629519","20593486292471228226020037842477204486","215071946343330507052750141617215637395","57146985149213353314419220635491901498","104141559624599199481895315164917241770","124475669231848505249195556423355128808","24501234535006697431234705038672472381","301562847937220970637639551624339328921","244302395484316180032830825128273532106","239523799162185118610715828659798610080","137125984020239007554627684848878808892","325593835200545652079327045116383455853","315813190952861742529857866252137156351","200042703698059871187354157719461040335","179019958253867719237751319771125417999","119550859589849288841479929374296600019","73110663443345950270603025109605971090","174519456598480135123250597117769454119","86416172722297390761570837298218962017","190304974424883756140222180391206786025","253903697703851286435030683123081821124","315818317869194241093051572633994448171","179019958253867719237751319771125417999","119550859589849288841479929374296600019","268711487937460013276022413706179911087","299189199604237415528076995662750367371","104141559624599199481895315164917241770","124475669231848505249195556423355128808","108587633537507210242609878158511307392"]},"deprecated":false},{"deprecated":false,"signature_type":"Line","source":"https://github.com/pgjdbc/pgjdbc/commit/990d63f6be401ab40de5eb303a75924c9e71903c","target":{"file":"pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"},"id":"CVE-2024-1597-4ba1e271","digest":{"threshold":0.9,"line_hashes":["61002821911237465839976133570847340600","309984681325856676476712854045500391500","158802443078110701668433419110123028565","7399282723992429190395385776153675622","253961556628851014169184613608646507194","232036816096794482420724904946431763933","20903786691889688273511149863323538245","140784282287643728107418476909339371116","151213061333024472177885930541474460150","280775969686930724088856015828055220708","323674589193457206204165744697796905407","73777040413273267212796127254849927080","20593486292471228226020037842477204486","309852565633488233782133960641629360489","312867317353626192224629012734279540332","230442682380592763546115345826551662312","287822028460380706656528440426879630375","217827682943526121598200736755380564454","118062670654507376095575612484636629519","20593486292471228226020037842477204486","251545240650640463821930463099316693990","313571358051619139186530161317060936191","46871823314265456266923110433621817943","21122737813376364848365344184749873113","24501234535006697431234705038672472381","301562847937220970637639551624339328921","244302395484316180032830825128273532106","239523799162185118610715828659798610080","137125984020239007554627684848878808892","325593835200545652079327045116383455853","315813190952861742529857866252137156351","200042703698059871187354157719461040335","179019958253867719237751319771125417999","119550859589849288841479929374296600019","73110663443345950270603025109605971090","174519456598480135123250597117769454119","86416172722297390761570837298218962017","190304974424883756140222180391206786025","253903697703851286435030683123081821124","315818317869194241093051572633994448171","179019958253867719237751319771125417999","119550859589849288841479929374296600019","268711487937460013276022413706179911087","299189199604237415528076995662750367371","104141559624599199481895315164917241770","124475669231848505249195556423355128808","108587633537507210242609878158511307392"]},"signature_version":"v1"},{"signature_version":"v1","target":{"function":"negateParameter","file":"pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"},"source":"https://github.com/pgjdbc/pgjdbc/commit/475e3e2af3033c666fc1c0015159b35455118ae5","signature_type":"Function","id":"CVE-2024-1597-5422253f","digest":{"function_hash":"232161859972874314153704317581836804045","length":690},"deprecated":false},{"signature_version":"v1","target":{"function":"quoteAndCast","file":"pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"},"source":"https://github.com/pgjdbc/pgjdbc/commit/990d63f6be401ab40de5eb303a75924c9e71903c","signature_type":"Function","id":"CVE-2024-1597-551fbae6","digest":{"function_hash":"276580665969963967615120549973081295540","length":422},"deprecated":false},{"signature_version":"v1","signature_type":"Function","source":"https://github.com/pgjdbc/pgjdbc/commit/d368b1cc5fbfc9750151f87d78e12db97e13af0e","target":{"function":"negateParameter","file":"pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"},"id":"CVE-2024-1597-56096934","digest":{"function_hash":"232161859972874314153704317581836804045","length":690},"deprecated":false},{"signature_version":"v1","signature_type":"Function","source":"https://github.com/pgjdbc/pgjdbc/commit/d368b1cc5fbfc9750151f87d78e12db97e13af0e","target":{"function":"quoteAndCast","file":"pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"},"id":"CVE-2024-1597-56622c67","digest":{"function_hash":"276580665969963967615120549973081295540","length":422},"deprecated":false},{"signature_version":"v1","signature_type":"Function","source":"https://github.com/pgjdbc/pgjdbc/commit/475e3e2af3033c666fc1c0015159b35455118ae5","target":{"function":"toString","file":"pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"},"id":"CVE-2024-1597-61cef026","digest":{"function_hash":"331584250147050604976538288516113356034","length":2525},"deprecated":false},{"deprecated":false,"signature_type":"Line","source":"https://github.com/pgjdbc/pgjdbc/commit/475e3e2af3033c666fc1c0015159b35455118ae5","target":{"file":"pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"},"id":"CVE-2024-1597-64db9f03","digest":{"threshold":0.9,"line_hashes":["158478561702712864879466846771136115447","6970768406876601008947057186295021223","212118402369114652908929503258255653280","337402738967881178201786406658851221699","260252284118955699471898594351129166437","20352164641634242602228688915030421339","51614055495995471122720772441534020107","40217388341010696257030416547348120878","189744351111698568895670933745477506184","124398168250955352196009194115407749781","289657807224701769167854460822684857696","123069840390387150564222222747993382914","61724939753363602082016648203591088531","199059472252514495681140072692917231945","129761425372485463371000735514151067093","202932652897682192656682227104309467042","197660576820149360757980856862908777359","61634749618020457889207992097489785042","74794940955490388728290656710551849506","325376069323932163892411324810699030960","225677200263657926831770774498051017145","318712119915131818271956636532569773910","71482478980676302415076176596844959365","137329380406977426883990377902828122700","185133110091574364871970513748533858256","20032651057696466222809103532563447987","238002740809657608742886116893309879890","91332205319729489601699425184208215609","275341064611312177152465608208800354201","136916004957773405579926079388870756773","127303441799482918989532609389156777750","200106938023952757408657585600321108349","27753664583670744124136091972389087013","273855398308723067587300988194372833297","32934108892471593614769592633224085049","111812010820934811618192685857279905204","122973367007768239949948079415914733404","304076529884383184299747230734699412202","36400476110046784272863041710548882612","120608321698240520407382492930783698095","103171194645540827143596727744834508649","127789663322200911132929338492609141419","101734967806369505025515195104975840001","75863454884207762375969001397860065247","337931562013878525513711014694677297806","222523003209639169375865500226641061463","214787850117125619482497421788496496272","173579571887007346157004578205777130606","121545080927543368867129563665988476691","114118115544149017009297728224383834855","21863395980395405337431498599430504884","335795291858953606479242522810527291939","318333934127046229949669666395697411844","109740850246568826034363701274238473478","38393686474214537166294268988289079534","167905660379826018629100957963684600582","194063904679847494648163819771584267235","157232519873003772800393775478968888063","53126485726082781061084209151558335074","338181214851900360349660378529351623689","214002312391881901546233112702726117957","73359393547232634719771209719606830206","190234382215541717899696293976547223123","137075572916898335840172632924815335420","232804748571853758226081080666987969434","66042671239510904908046935676640170198","131367879709823225352342919183621528774","178143172283229353755479407397476545197"]},"signature_version":"v1"},{"signature_version":"v1","target":{"file":"pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"},"source":"https://github.com/pgjdbc/pgjdbc/commit/fe002b31f2c7dcf7e2fe75fe7fd18df4e4503abf","signature_type":"Line","id":"CVE-2024-1597-684c6678","digest":{"threshold":0.9,"line_hashes":["158478561702712864879466846771136115447","6970768406876601008947057186295021223","212118402369114652908929503258255653280","337402738967881178201786406658851221699","260252284118955699471898594351129166437","20352164641634242602228688915030421339","51614055495995471122720772441534020107","40217388341010696257030416547348120878","189744351111698568895670933745477506184","124398168250955352196009194115407749781","289657807224701769167854460822684857696","123069840390387150564222222747993382914","61724939753363602082016648203591088531","199059472252514495681140072692917231945","129761425372485463371000735514151067093","202932652897682192656682227104309467042","197660576820149360757980856862908777359","61634749618020457889207992097489785042","74794940955490388728290656710551849506","325376069323932163892411324810699030960","225677200263657926831770774498051017145","318712119915131818271956636532569773910","71482478980676302415076176596844959365","137329380406977426883990377902828122700","185133110091574364871970513748533858256","20032651057696466222809103532563447987","238002740809657608742886116893309879890","91332205319729489601699425184208215609","275341064611312177152465608208800354201","136916004957773405579926079388870756773","127303441799482918989532609389156777750","200106938023952757408657585600321108349","27753664583670744124136091972389087013","273855398308723067587300988194372833297","32934108892471593614769592633224085049","111812010820934811618192685857279905204","122973367007768239949948079415914733404","304076529884383184299747230734699412202","36400476110046784272863041710548882612","120608321698240520407382492930783698095","103171194645540827143596727744834508649","127789663322200911132929338492609141419","101734967806369505025515195104975840001","75863454884207762375969001397860065247","337931562013878525513711014694677297806","222523003209639169375865500226641061463","214787850117125619482497421788496496272","173579571887007346157004578205777130606","121545080927543368867129563665988476691","114118115544149017009297728224383834855","21863395980395405337431498599430504884","335795291858953606479242522810527291939","318333934127046229949669666395697411844","109740850246568826034363701274238473478","38393686474214537166294268988289079534","167905660379826018629100957963684600582","194063904679847494648163819771584267235","157232519873003772800393775478968888063","53126485726082781061084209151558335074","338181214851900360349660378529351623689","214002312391881901546233112702726117957","73359393547232634719771209719606830206","190234382215541717899696293976547223123","137075572916898335840172632924815335420","232804748571853758226081080666987969434","66042671239510904908046935676640170198","131367879709823225352342919183621528774","178143172283229353755479407397476545197"]},"deprecated":false},{"deprecated":false,"signature_type":"Function","source":"https://github.com/pgjdbc/pgjdbc/commit/990d63f6be401ab40de5eb303a75924c9e71903c","target":{"file":"pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java","function":"negateParameterWithContinuation"},"id":"CVE-2024-1597-698ffb44","digest":{"function_hash":"326555595098098570554699247604453087821","length":808},"signature_version":"v1"},{"signature_version":"v1","target":{"function":"negateParameterWithContinuation","file":"pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"},"source":"https://github.com/pgjdbc/pgjdbc/commit/06abfb78a627277a580d4df825f210e96a4e14ee","signature_type":"Function","id":"CVE-2024-1597-73a84b0a","digest":{"function_hash":"326555595098098570554699247604453087821","length":808},"deprecated":false},{"signature_version":"v1","target":{"file":"pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"},"source":"https://github.com/pgjdbc/pgjdbc/commit/d368b1cc5fbfc9750151f87d78e12db97e13af0e","signature_type":"Line","id":"CVE-2024-1597-754e64e6","digest":{"threshold":0.9,"line_hashes":["61002821911237465839976133570847340600","309984681325856676476712854045500391500","158802443078110701668433419110123028565","7399282723992429190395385776153675622","253961556628851014169184613608646507194","232036816096794482420724904946431763933","20903786691889688273511149863323538245","140784282287643728107418476909339371116","151213061333024472177885930541474460150","280775969686930724088856015828055220708","323674589193457206204165744697796905407","73777040413273267212796127254849927080","20593486292471228226020037842477204486","309852565633488233782133960641629360489","312867317353626192224629012734279540332","230442682380592763546115345826551662312","287822028460380706656528440426879630375","217827682943526121598200736755380564454","118062670654507376095575612484636629519","20593486292471228226020037842477204486","251545240650640463821930463099316693990","313571358051619139186530161317060936191","46871823314265456266923110433621817943","21122737813376364848365344184749873113","24501234535006697431234705038672472381","301562847937220970637639551624339328921","244302395484316180032830825128273532106","239523799162185118610715828659798610080","137125984020239007554627684848878808892","325593835200545652079327045116383455853","315813190952861742529857866252137156351","200042703698059871187354157719461040335","179019958253867719237751319771125417999","119550859589849288841479929374296600019","73110663443345950270603025109605971090","174519456598480135123250597117769454119","86416172722297390761570837298218962017","190304974424883756140222180391206786025","253903697703851286435030683123081821124","315818317869194241093051572633994448171","179019958253867719237751319771125417999","119550859589849288841479929374296600019","268711487937460013276022413706179911087","299189199604237415528076995662750367371","104141559624599199481895315164917241770","124475669231848505249195556423355128808","108587633537507210242609878158511307392"]},"deprecated":false},{"signature_version":"v1","signature_type":"Function","source":"https://github.com/pgjdbc/pgjdbc/commit/fe002b31f2c7dcf7e2fe75fe7fd18df4e4503abf","target":{"function":"toString","file":"pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"},"id":"CVE-2024-1597-756a5da8","digest":{"function_hash":"331584250147050604976538288516113356034","length":2525},"deprecated":false},{"deprecated":false,"signature_type":"Function","source":"https://github.com/pgjdbc/pgjdbc/commit/475e3e2af3033c666fc1c0015159b35455118ae5","target":{"function":"negateParameterWithContinuation","file":"pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"},"id":"CVE-2024-1597-83f6278f","digest":{"function_hash":"326555595098098570554699247604453087821","length":808},"signature_version":"v1"},{"signature_version":"v1","target":{"file":"pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"},"source":"https://github.com/pgjdbc/pgjdbc/commit/475e3e2af3033c666fc1c0015159b35455118ae5","signature_type":"Line","id":"CVE-2024-1597-89ecfeef","digest":{"threshold":0.9,"line_hashes":["61002821911237465839976133570847340600","309984681325856676476712854045500391500","158802443078110701668433419110123028565","7399282723992429190395385776153675622","253961556628851014169184613608646507194","232036816096794482420724904946431763933","20903786691889688273511149863323538245","140784282287643728107418476909339371116","151213061333024472177885930541474460150","280775969686930724088856015828055220708","323674589193457206204165744697796905407","73777040413273267212796127254849927080","20593486292471228226020037842477204486","309852565633488233782133960641629360489","312867317353626192224629012734279540332","230442682380592763546115345826551662312","287822028460380706656528440426879630375","217827682943526121598200736755380564454","118062670654507376095575612484636629519","20593486292471228226020037842477204486","251545240650640463821930463099316693990","313571358051619139186530161317060936191","46871823314265456266923110433621817943","21122737813376364848365344184749873113","24501234535006697431234705038672472381","301562847937220970637639551624339328921","244302395484316180032830825128273532106","239523799162185118610715828659798610080","137125984020239007554627684848878808892","325593835200545652079327045116383455853","315813190952861742529857866252137156351","200042703698059871187354157719461040335","179019958253867719237751319771125417999","119550859589849288841479929374296600019","73110663443345950270603025109605971090","174519456598480135123250597117769454119","86416172722297390761570837298218962017","190304974424883756140222180391206786025","253903697703851286435030683123081821124","315818317869194241093051572633994448171","179019958253867719237751319771125417999","119550859589849288841479929374296600019","268711487937460013276022413706179911087","299189199604237415528076995662750367371","104141559624599199481895315164917241770","124475669231848505249195556423355128808","108587633537507210242609878158511307392"]},"deprecated":false},{"deprecated":false,"target":{"file":"pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"},"source":"https://github.com/pgjdbc/pgjdbc/commit/06abfb78a627277a580d4df825f210e96a4e14ee","signature_type":"Line","id":"CVE-2024-1597-94f6dc04","digest":{"threshold":0.9,"line_hashes":["158478561702712864879466846771136115447","6970768406876601008947057186295021223","212118402369114652908929503258255653280","337402738967881178201786406658851221699","260252284118955699471898594351129166437","20352164641634242602228688915030421339","51614055495995471122720772441534020107","40217388341010696257030416547348120878","189744351111698568895670933745477506184","124398168250955352196009194115407749781","289657807224701769167854460822684857696","123069840390387150564222222747993382914","61724939753363602082016648203591088531","199059472252514495681140072692917231945","129761425372485463371000735514151067093","202932652897682192656682227104309467042","197660576820149360757980856862908777359","61634749618020457889207992097489785042","74794940955490388728290656710551849506","325376069323932163892411324810699030960","225677200263657926831770774498051017145","318712119915131818271956636532569773910","71482478980676302415076176596844959365","137329380406977426883990377902828122700","185133110091574364871970513748533858256","20032651057696466222809103532563447987","238002740809657608742886116893309879890","91332205319729489601699425184208215609","275341064611312177152465608208800354201","136916004957773405579926079388870756773","127303441799482918989532609389156777750","200106938023952757408657585600321108349","27753664583670744124136091972389087013","273855398308723067587300988194372833297","32934108892471593614769592633224085049","111812010820934811618192685857279905204","122973367007768239949948079415914733404","304076529884383184299747230734699412202","36400476110046784272863041710548882612","120608321698240520407382492930783698095","103171194645540827143596727744834508649","127789663322200911132929338492609141419","101734967806369505025515195104975840001","75863454884207762375969001397860065247","337931562013878525513711014694677297806","222523003209639169375865500226641061463","214787850117125619482497421788496496272","173579571887007346157004578205777130606","121545080927543368867129563665988476691","114118115544149017009297728224383834855","21863395980395405337431498599430504884","335795291858953606479242522810527291939","318333934127046229949669666395697411844","109740850246568826034363701274238473478","38393686474214537166294268988289079534","167905660379826018629100957963684600582","194063904679847494648163819771584267235","157232519873003772800393775478968888063","53126485726082781061084209151558335074","338181214851900360349660378529351623689","214002312391881901546233112702726117957","73359393547232634719771209719606830206","190234382215541717899696293976547223123","137075572916898335840172632924815335420","232804748571853758226081080666987969434","66042671239510904908046935676640170198","131367879709823225352342919183621528774","178143172283229353755479407397476545197"]},"signature_version":"v1"},{"signature_version":"v1","signature_type":"Function","source":"https://github.com/pgjdbc/pgjdbc/commit/d93c74127f5aebda2baa8fcefed4f0b4dfe81d95","target":{"function":"quoteAndCast","file":"pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"},"id":"CVE-2024-1597-ac5c1df2","digest":{"function_hash":"276580665969963967615120549973081295540","length":422},"deprecated":false},{"signature_version":"v1","signature_type":"Function","source":"https://github.com/pgjdbc/pgjdbc/commit/990d63f6be401ab40de5eb303a75924c9e71903c","target":{"function":"negateParameter","file":"pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"},"id":"CVE-2024-1597-b5d4698b","digest":{"function_hash":"232161859972874314153704317581836804045","length":690},"deprecated":false},{"signature_version":"v1","signature_type":"Function","source":"https://github.com/pgjdbc/pgjdbc/commit/475e3e2af3033c666fc1c0015159b35455118ae5","target":{"function":"quoteAndCast","file":"pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"},"id":"CVE-2024-1597-ba4f4aba","digest":{"function_hash":"276580665969963967615120549973081295540","length":422},"deprecated":false},{"deprecated":false,"target":{"function":"toString","file":"pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"},"source":"https://github.com/pgjdbc/pgjdbc/commit/d93c74127f5aebda2baa8fcefed4f0b4dfe81d95","signature_type":"Function","id":"CVE-2024-1597-c9b35cfc","digest":{"function_hash":"331584250147050604976538288516113356034","length":2525},"signature_version":"v1"},{"deprecated":false,"signature_type":"Line","source":"https://github.com/pgjdbc/pgjdbc/commit/fe002b31f2c7dcf7e2fe75fe7fd18df4e4503abf","target":{"file":"pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"},"id":"CVE-2024-1597-d0ad8351","digest":{"threshold":0.9,"line_hashes":["61002821911237465839976133570847340600","309984681325856676476712854045500391500","158802443078110701668433419110123028565","7399282723992429190395385776153675622","253961556628851014169184613608646507194","232036816096794482420724904946431763933","20903786691889688273511149863323538245","140784282287643728107418476909339371116","151213061333024472177885930541474460150","280775969686930724088856015828055220708","323674589193457206204165744697796905407","73777040413273267212796127254849927080","20593486292471228226020037842477204486","309852565633488233782133960641629360489","312867317353626192224629012734279540332","230442682380592763546115345826551662312","287822028460380706656528440426879630375","217827682943526121598200736755380564454","118062670654507376095575612484636629519","20593486292471228226020037842477204486","251545240650640463821930463099316693990","313571358051619139186530161317060936191","46871823314265456266923110433621817943","21122737813376364848365344184749873113","24501234535006697431234705038672472381","301562847937220970637639551624339328921","244302395484316180032830825128273532106","239523799162185118610715828659798610080","137125984020239007554627684848878808892","325593835200545652079327045116383455853","315813190952861742529857866252137156351","200042703698059871187354157719461040335","179019958253867719237751319771125417999","119550859589849288841479929374296600019","73110663443345950270603025109605971090","174519456598480135123250597117769454119","86416172722297390761570837298218962017","190304974424883756140222180391206786025","253903697703851286435030683123081821124","315818317869194241093051572633994448171","179019958253867719237751319771125417999","119550859589849288841479929374296600019","268711487937460013276022413706179911087","299189199604237415528076995662750367371","104141559624599199481895315164917241770","124475669231848505249195556423355128808","108587633537507210242609878158511307392"]},"signature_version":"v1"},{"signature_version":"v1","target":{"file":"pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"},"source":"https://github.com/pgjdbc/pgjdbc/commit/d368b1cc5fbfc9750151f87d78e12db97e13af0e","signature_type":"Line","id":"CVE-2024-1597-d550fd59","digest":{"threshold":0.9,"line_hashes":["158478561702712864879466846771136115447","6970768406876601008947057186295021223","212118402369114652908929503258255653280","337402738967881178201786406658851221699","260252284118955699471898594351129166437","20352164641634242602228688915030421339","51614055495995471122720772441534020107","40217388341010696257030416547348120878","189744351111698568895670933745477506184","124398168250955352196009194115407749781","289657807224701769167854460822684857696","123069840390387150564222222747993382914","61724939753363602082016648203591088531","199059472252514495681140072692917231945","129761425372485463371000735514151067093","202932652897682192656682227104309467042","197660576820149360757980856862908777359","61634749618020457889207992097489785042","74794940955490388728290656710551849506","325376069323932163892411324810699030960","225677200263657926831770774498051017145","318712119915131818271956636532569773910","71482478980676302415076176596844959365","137329380406977426883990377902828122700","185133110091574364871970513748533858256","20032651057696466222809103532563447987","238002740809657608742886116893309879890","91332205319729489601699425184208215609","275341064611312177152465608208800354201","136916004957773405579926079388870756773","127303441799482918989532609389156777750","200106938023952757408657585600321108349","27753664583670744124136091972389087013","273855398308723067587300988194372833297","32934108892471593614769592633224085049","111812010820934811618192685857279905204","122973367007768239949948079415914733404","304076529884383184299747230734699412202","36400476110046784272863041710548882612","120608321698240520407382492930783698095","103171194645540827143596727744834508649","127789663322200911132929338492609141419","101734967806369505025515195104975840001","75863454884207762375969001397860065247","337931562013878525513711014694677297806","222523003209639169375865500226641061463","214787850117125619482497421788496496272","173579571887007346157004578205777130606","121545080927543368867129563665988476691","114118115544149017009297728224383834855","21863395980395405337431498599430504884","335795291858953606479242522810527291939","318333934127046229949669666395697411844","109740850246568826034363701274238473478","38393686474214537166294268988289079534","167905660379826018629100957963684600582","194063904679847494648163819771584267235","157232519873003772800393775478968888063","53126485726082781061084209151558335074","338181214851900360349660378529351623689","214002312391881901546233112702726117957","73359393547232634719771209719606830206","190234382215541717899696293976547223123","137075572916898335840172632924815335420","232804748571853758226081080666987969434","66042671239510904908046935676640170198","131367879709823225352342919183621528774","178143172283229353755479407397476545197"]},"deprecated":false},{"signature_version":"v1","target":{"function":"quoteAndCast","file":"pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"},"source":"https://github.com/pgjdbc/pgjdbc/commit/06abfb78a627277a580d4df825f210e96a4e14ee","signature_type":"Function","id":"CVE-2024-1597-eb78c36a","digest":{"function_hash":"276580665969963967615120549973081295540","length":422},"deprecated":false},{"deprecated":false,"target":{"file":"pgjdbc/src/test/java/org/postgresql/jdbc/ParameterInjectionTest.java"},"source":"https://github.com/pgjdbc/pgjdbc/commit/d93c74127f5aebda2baa8fcefed4f0b4dfe81d95","signature_type":"Line","id":"CVE-2024-1597-ebd60dff","digest":{"threshold":0.9,"line_hashes":["61002821911237465839976133570847340600","309984681325856676476712854045500391500","158802443078110701668433419110123028565","7399282723992429190395385776153675622","253961556628851014169184613608646507194","232036816096794482420724904946431763933","20903786691889688273511149863323538245","140784282287643728107418476909339371116","151213061333024472177885930541474460150","280775969686930724088856015828055220708","323674589193457206204165744697796905407","73777040413273267212796127254849927080","20593486292471228226020037842477204486","309852565633488233782133960641629360489","312867317353626192224629012734279540332","230442682380592763546115345826551662312","287822028460380706656528440426879630375","217827682943526121598200736755380564454","118062670654507376095575612484636629519","20593486292471228226020037842477204486","251545240650640463821930463099316693990","313571358051619139186530161317060936191","46871823314265456266923110433621817943","21122737813376364848365344184749873113","24501234535006697431234705038672472381","301562847937220970637639551624339328921","244302395484316180032830825128273532106","239523799162185118610715828659798610080","137125984020239007554627684848878808892","325593835200545652079327045116383455853","315813190952861742529857866252137156351","200042703698059871187354157719461040335","179019958253867719237751319771125417999","119550859589849288841479929374296600019","73110663443345950270603025109605971090","174519456598480135123250597117769454119","86416172722297390761570837298218962017","190304974424883756140222180391206786025","253903697703851286435030683123081821124","315818317869194241093051572633994448171","179019958253867719237751319771125417999","119550859589849288841479929374296600019","268711487937460013276022413706179911087","299189199604237415528076995662750367371","104141559624599199481895315164917241770","124475669231848505249195556423355128808","108587633537507210242609878158511307392"]},"signature_version":"v1"},{"deprecated":false,"target":{"file":"pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"},"source":"https://github.com/pgjdbc/pgjdbc/commit/990d63f6be401ab40de5eb303a75924c9e71903c","signature_type":"Line","id":"CVE-2024-1597-fa47aef5","digest":{"threshold":0.9,"line_hashes":["158478561702712864879466846771136115447","6970768406876601008947057186295021223","212118402369114652908929503258255653280","337402738967881178201786406658851221699","260252284118955699471898594351129166437","20352164641634242602228688915030421339","51614055495995471122720772441534020107","40217388341010696257030416547348120878","189744351111698568895670933745477506184","124398168250955352196009194115407749781","289657807224701769167854460822684857696","123069840390387150564222222747993382914","61724939753363602082016648203591088531","199059472252514495681140072692917231945","129761425372485463371000735514151067093","202932652897682192656682227104309467042","197660576820149360757980856862908777359","61634749618020457889207992097489785042","74794940955490388728290656710551849506","325376069323932163892411324810699030960","225677200263657926831770774498051017145","318712119915131818271956636532569773910","71482478980676302415076176596844959365","137329380406977426883990377902828122700","185133110091574364871970513748533858256","20032651057696466222809103532563447987","238002740809657608742886116893309879890","91332205319729489601699425184208215609","275341064611312177152465608208800354201","136916004957773405579926079388870756773","127303441799482918989532609389156777750","200106938023952757408657585600321108349","27753664583670744124136091972389087013","273855398308723067587300988194372833297","32934108892471593614769592633224085049","111812010820934811618192685857279905204","122973367007768239949948079415914733404","304076529884383184299747230734699412202","36400476110046784272863041710548882612","120608321698240520407382492930783698095","103171194645540827143596727744834508649","127789663322200911132929338492609141419","101734967806369505025515195104975840001","75863454884207762375969001397860065247","337931562013878525513711014694677297806","222523003209639169375865500226641061463","214787850117125619482497421788496496272","173579571887007346157004578205777130606","121545080927543368867129563665988476691","114118115544149017009297728224383834855","21863395980395405337431498599430504884","335795291858953606479242522810527291939","318333934127046229949669666395697411844","109740850246568826034363701274238473478","38393686474214537166294268988289079534","167905660379826018629100957963684600582","194063904679847494648163819771584267235","157232519873003772800393775478968888063","53126485726082781061084209151558335074","338181214851900360349660378529351623689","214002312391881901546233112702726117957","73359393547232634719771209719606830206","190234382215541717899696293976547223123","137075572916898335840172632924815335420","232804748571853758226081080666987969434","66042671239510904908046935676640170198","131367879709823225352342919183621528774","178143172283229353755479407397476545197"]},"signature_version":"v1"},{"signature_version":"v1","signature_type":"Line","source":"https://github.com/pgjdbc/pgjdbc/commit/d93c74127f5aebda2baa8fcefed4f0b4dfe81d95","target":{"file":"pgjdbc/src/main/java/org/postgresql/core/v3/SimpleParameterList.java"},"id":"CVE-2024-1597-fc71e42d","digest":{"threshold":0.9,"line_hashes":["158478561702712864879466846771136115447","6970768406876601008947057186295021223","212118402369114652908929503258255653280","337402738967881178201786406658851221699","260252284118955699471898594351129166437","20352164641634242602228688915030421339","51614055495995471122720772441534020107","40217388341010696257030416547348120878","189744351111698568895670933745477506184","124398168250955352196009194115407749781","289657807224701769167854460822684857696","123069840390387150564222222747993382914","61724939753363602082016648203591088531","199059472252514495681140072692917231945","129761425372485463371000735514151067093","202932652897682192656682227104309467042","197660576820149360757980856862908777359","61634749618020457889207992097489785042","74794940955490388728290656710551849506","325376069323932163892411324810699030960","225677200263657926831770774498051017145","318712119915131818271956636532569773910","71482478980676302415076176596844959365","137329380406977426883990377902828122700","185133110091574364871970513748533858256","20032651057696466222809103532563447987","238002740809657608742886116893309879890","91332205319729489601699425184208215609","275341064611312177152465608208800354201","136916004957773405579926079388870756773","127303441799482918989532609389156777750","200106938023952757408657585600321108349","27753664583670744124136091972389087013","273855398308723067587300988194372833297","32934108892471593614769592633224085049","111812010820934811618192685857279905204","122973367007768239949948079415914733404","304076529884383184299747230734699412202","36400476110046784272863041710548882612","120608321698240520407382492930783698095","103171194645540827143596727744834508649","127789663322200911132929338492609141419","101734967806369505025515195104975840001","75863454884207762375969001397860065247","337931562013878525513711014694677297806","222523003209639169375865500226641061463","214787850117125619482497421788496496272","173579571887007346157004578205777130606","121545080927543368867129563665988476691","114118115544149017009297728224383834855","21863395980395405337431498599430504884","335795291858953606479242522810527291939","318333934127046229949669666395697411844","109740850246568826034363701274238473478","38393686474214537166294268988289079534","167905660379826018629100957963684600582","194063904679847494648163819771584267235","157232519873003772800393775478968888063","53126485726082781061084209151558335074","338181214851900360349660378529351623689","214002312391881901546233112702726117957","73359393547232634719771209719606830206","190234382215541717899696293976547223123","137075572916898335840172632924815335420","232804748571853758226081080666987969434","66042671239510904908046935676640170198","131367879709823225352342919183621528774","178143172283229353755479407397476545197"]},"deprecated":false}],"vanir_signatures_modified":"2026-04-12T10:59:01Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"40"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}