Platform: java
Component: com.amazon.redshift:redshift-jdbc42
Fixed in: 2.1.1, 2.1.0.28
CVE-2024-32888 describes a SQL Injection vulnerability discovered in the Redshift JDBC driver. This flaw allows attackers to inject malicious SQL code, potentially leading to unauthorized data access or modification. The vulnerability affects versions of the driver up to and including 2.1.0.9. A patch is available in version 2.1.0.28.
The impact of this SQL Injection vulnerability is significant. An attacker who successfully exploits this flaw can bypass security controls and execute arbitrary SQL queries against the Redshift database. This could lead to unauthorized access to sensitive data, including personally identifiable information (PII), financial records, and business-critical data. Depending on the permissions of the connecting database user, an attacker could also modify or delete data, leading to data corruption and service disruption. The use of preferQueryMode=simple is a key factor in exploitability: it switches the driver away from its default extended query mode, which is not vulnerable. The flaw is similar to other SQL Injection vulnerabilities in which parameter validation is insufficient and an attacker can manipulate query logic.
CVE-2024-32888 was publicly disclosed on May 15, 2024. The vulnerability's severity is rated as CRITICAL (CVSS score 10.0). There is currently no indication of active exploitation campaigns targeting this vulnerability. It is not listed on the CISA KEV catalog at the time of this writing. Public proof-of-concept exploits are not widely available, but the vulnerability's nature makes it likely that exploits will emerge.
Exploit Status
EPSS: 0.48% (65th percentile)
The primary mitigation for CVE-2024-32888 is to upgrade to version 2.1.0.28 or later of the Redshift JDBC driver. If immediate upgrading is not possible due to compatibility issues or breaking changes, consider disabling the preferQueryMode=simple connection property. This will revert to the default, extended query mode, which is not vulnerable. Additionally, review application code that interacts with the database to ensure proper parameter validation and sanitization to prevent SQL Injection attacks. Monitor database logs for suspicious SQL queries. After upgrading, confirm the fix by attempting to reproduce the vulnerability using the preferQueryMode=simple property and verifying that the injection is blocked.
Update the Amazon Redshift JDBC driver to version 2.1.0.28 or later. Alternatively, avoid using the connection property `preferQueryMode=simple`. If a query mode is not specified, the default extended query mode is used, which is not affected by this vulnerability.
CVE-2024-32888 is a critical SQL Injection vulnerability in the Redshift JDBC driver affecting versions up to 2.1.0.9. It allows attackers to inject malicious SQL code via the preferQueryMode=simple property, potentially compromising data.
You are affected if you are using Redshift JDBC Driver versions 2.1.0.9 or earlier and have enabled the preferQueryMode=simple connection property. Otherwise, you are not directly affected.
Upgrade to version 2.1.0.28 or later of the Redshift JDBC driver. If immediate upgrading is not possible, disable the preferQueryMode=simple property.
There is currently no confirmed evidence of active exploitation, but the vulnerability's severity and nature suggest that exploitation is possible.
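The affected-if criterion and the mitigation above can be turned into a quick audit check. The following helper is an added example, not part of this advisory or of the Redshift driver: it applies the page's rule (driver 2.1.0.9 or earlier combined with preferQueryMode=simple, set either in the JDBC URL or in a separate Properties map) and separately reports whether the page's upgrade target, 2.1.0.28, has been reached. It assumes URL properties follow `?` and are separated by `&` or `;`; the host names in the demo are constructed.

```python
from urllib.parse import unquote

# Version boundaries as stated in the advisory text.
LAST_AFFECTED = (2, 1, 0, 9)   # "versions up to and including 2.1.0.9"
FIXED_IN = (2, 1, 0, 28)       # "upgrade to version 2.1.0.28 or later"


def parse_version(text):
    """Turn '2.1.0.9' into (2, 1, 0, 9); shorter strings are zero-padded."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def jdbc_properties(url):
    """Extract connection properties from a Redshift JDBC URL, keys lower-cased.
    Assumption: properties follow '?' and are separated by '&' or ';'."""
    if not url.startswith("jdbc:redshift://"):
        raise ValueError("not a Redshift JDBC URL")
    _, _, query = url.partition("?")
    props = {}
    for item in query.replace(";", "&").split("&"):
        if not item:
            continue
        key, _, value = item.partition("=")
        props[unquote(key).strip().lower()] = unquote(value).strip()
    return props


def assess(driver_version, url, extra_props=None):
    """Apply the advisory's criterion: affected when the driver is 2.1.0.9 or
    earlier AND preferQueryMode=simple is set (URL or Properties object)."""
    props = jdbc_properties(url)
    for key, value in (extra_props or {}).items():
        props[key.lower()] = value           # Properties override nothing here;
    simple_mode = props.get("preferquerymode", "").lower() == "simple"
    version = parse_version(driver_version)
    return {
        "simple_mode": simple_mode,
        "affected": simple_mode and version <= LAST_AFFECTED,
        "upgrade_recommended": version < FIXED_IN,
    }


if __name__ == "__main__":
    # Constructed sample configurations (host names are placeholders).
    weak = "jdbc:redshift://cluster.example.invalid:5439/dev?ssl=true&preferQueryMode=simple"
    safe = "jdbc:redshift://cluster.example.invalid:5439/dev?ssl=true"
    for ver, url in (("2.1.0.9", weak), ("2.1.0.9", safe), ("2.1.0.28", weak)):
        print(ver, assess(ver, url))
```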
Refer to the Amazon Redshift security advisories for the latest information: https://aws.amazon.com/security/security-bulletins/