CVE-2024-32888
PUBLISHED
CVSS 10 CRITICAL
Amazon JDBC Driver for Redshift SQL Injection via line comment generation
EPSS 0.48% · 65.3th percentile
Risk Scores
- CVSS v3.1: 10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
- EPSS Score: 0.48% (65.3th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maven | com.amazon.redshift:redshift-jdbc42 | 0 |
| aws | amazon-redshift-jdbc-driver | - |
| aws | amazon-redshift-jdbc-driver | < 2.1.0.28 |
Timeline
- Jan 21, 1970 Security Advisory
- May 15, 2024 CVE Published
- May 15, 2024 EPSS Score
- Jun 9, 2024 EPSS Score
- Jul 3, 2024 EPSS Score
- Jul 27, 2024 EPSS Score
- Aug 19, 2024 EPSS Score
- Sep 12, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 6, 2024 EPSS Score
- Oct 30, 2024 EPSS Score
- Dec 18, 2024 EPSS Score
References
- https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-x3wm-hffr-chwm
- https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56
- https://github.com/aws/amazon-redshift-jdbc-driver/commit/0d354a5f26ca23f7cac4e800e3b8734220230319
- https://github.com/aws/amazon-redshift-jdbc-driver/commit/12a5e8ecfbb44c8154fc66041cca2e20ecd7b339
- https://github.com/aws/amazon-redshift-jdbc-driver/commit/bc93694201a291493778ce5369a72befeca5ba7d
- https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw/
- https://nvd.nist.gov/vuln/detail/CVE-2024-32888 (advisory)
- https://github.com/aws/amazon-redshift-jdbc-driver (package)