mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-09 16:05:11 +00:00
Auto-Update: 2024-02-19T15:02:15.175041+00:00
This commit is contained in:
cad-safe-bot
parent
60b74b8eb0
commit
2ebf4d0127
59
CVE-2024/CVE-2024-15xx/CVE-2024-1597.json
Normal file
59
CVE-2024/CVE-2024-15xx/CVE-2024-1597.json
Normal file
@ -0,0 +1,59 @@
|
||||
{
|
||||
"id": "CVE-2024-1597",
|
||||
"sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
|
||||
"published": "2024-02-19T13:15:07.740",
|
||||
"lastModified": "2024-02-19T13:15:07.740",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.8 are affected."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "pgjdbc, el controlador JDBC de PostgreSQL, permite al atacante inyectar SQL si usa PreferQueryMode=SIMPLE. Tenga en cuenta que este no es el valor predeterminado. En el modo predeterminado no hay vulnerabilidad. Un comod\u00edn para un valor num\u00e9rico debe ir precedido inmediatamente de un signo menos. Debe haber un segundo marcador de posici\u00f3n para un valor de cadena despu\u00e9s del primer marcador de posici\u00f3n; ambos deben estar en la misma l\u00ednea. Al construir un payload de cadena coincidente, el atacante puede inyectar SQL para alterar la consulta, evitando las protecciones que las consultas parametrizadas brindan contra los ataques de inyecci\u00f3n SQL. Las versiones anteriores a 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9 y 42.2.8 se ven afectadas."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 10.0,
|
||||
"baseSeverity": "CRITICAL"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 6.0
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
|
||||
"type": "Secondary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-89"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56",
|
||||
"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007"
|
||||
}
|
||||
]
|
||||
}
|
||||
23
README.md
23
README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
|
||||
### Last Repository Update
|
||||
|
||||
```plain
|
||||
2024-02-19T13:00:33.673603+00:00
|
||||
2024-02-19T15:02:15.175041+00:00
|
||||
```
|
||||
|
||||
### Most recent CVE Modification Timestamp synchronized with NVD
|
||||
|
||||
```plain
|
||||
2024-02-19T12:15:45+00:00
|
||||
2024-02-19T13:15:07.740000+00:00
|
||||
```
|
||||
|
||||
### Last Data Feed Release
|
||||
@ -29,31 +29,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
|
||||
### Total Number of included CVEs
|
||||
|
||||
```plain
|
||||
238879
|
||||
238880
|
||||
```
|
||||
|
||||
### CVEs added in the last Commit
|
||||
|
||||
Recently added CVEs: `5`
|
||||
Recently added CVEs: `1`
|
||||
|
||||
* [CVE-2024-1580](CVE-2024/CVE-2024-15xx/CVE-2024-1580.json) (`2024-02-19T11:15:08.817`)
|
||||
* [CVE-2024-1343](CVE-2024/CVE-2024-13xx/CVE-2024-1343.json) (`2024-02-19T12:15:44.413`)
|
||||
* [CVE-2024-1344](CVE-2024/CVE-2024-13xx/CVE-2024-1344.json) (`2024-02-19T12:15:44.617`)
|
||||
* [CVE-2024-1345](CVE-2024/CVE-2024-13xx/CVE-2024-1345.json) (`2024-02-19T12:15:44.803`)
|
||||
* [CVE-2024-1346](CVE-2024/CVE-2024-13xx/CVE-2024-1346.json) (`2024-02-19T12:15:45.000`)
|
||||
* [CVE-2024-1597](CVE-2024/CVE-2024-15xx/CVE-2024-1597.json) (`2024-02-19T13:15:07.740`)
|
||||
|
||||
|
||||
### CVEs modified in the last Commit
|
||||
|
||||
Recently modified CVEs: `7`
|
||||
Recently modified CVEs: `0`
|
||||
|
||||
* [CVE-2023-40547](CVE-2023/CVE-2023-405xx/CVE-2023-40547.json) (`2024-02-19T11:15:07.980`)
|
||||
* [CVE-2023-40548](CVE-2023/CVE-2023-405xx/CVE-2023-40548.json) (`2024-02-19T11:15:08.670`)
|
||||
* [CVE-2023-5378](CVE-2023/CVE-2023-53xx/CVE-2023-5378.json) (`2024-02-19T12:15:43.980`)
|
||||
* [CVE-2023-6780](CVE-2023/CVE-2023-67xx/CVE-2023-6780.json) (`2024-02-19T12:15:44.103`)
|
||||
* [CVE-2023-7216](CVE-2023/CVE-2023-72xx/CVE-2023-7216.json) (`2024-02-19T12:15:44.277`)
|
||||
* [CVE-2024-25710](CVE-2024/CVE-2024-257xx/CVE-2024-25710.json) (`2024-02-19T11:15:09.090`)
|
||||
* [CVE-2024-26308](CVE-2024/CVE-2024-263xx/CVE-2024-26308.json) (`2024-02-19T11:15:09.173`)
|
||||
|
||||
|
||||
## Download and Usage
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user