Platform: java
Component: com.amazon.redshift:redshift-jdbc42
Fixed in: 2.1.1, 2.1.0.28
CVE-2024-32888 describes a SQL Injection vulnerability discovered in the Redshift JDBC driver. This flaw allows attackers to inject malicious SQL code, potentially leading to unauthorized data access or modification. The vulnerability affects versions of the driver up to and including 2.1.0.9. A patch is available in version 2.1.0.28.
The impact of this SQL Injection vulnerability is significant. An attacker who successfully exploits it can bypass security controls and execute arbitrary SQL queries against the Redshift database. This could expose sensitive data, including personally identifiable information (PII), financial records, and business-critical data. Depending on the database permissions, an attacker could also modify or delete data, causing data corruption and service disruption. The preferQueryMode=simple connection property is the key factor in exploitability, because it bypasses the driver's default extended query mode. The flaw resembles other SQL Injection vulnerabilities in which parameter validation is insufficient, allowing attackers to manipulate query logic.
CVE-2024-32888 was publicly disclosed on May 15, 2024. The vulnerability's severity is rated as CRITICAL (CVSS score 10.0). There is currently no indication of active exploitation campaigns targeting this vulnerability. It is not listed on the CISA KEV catalog at the time of this writing. Public proof-of-concept exploits are not widely available, but the vulnerability's nature makes it likely that exploits will emerge.
Organizations using the Redshift JDBC driver in their applications, particularly those that have explicitly configured the preferQueryMode=simple connection property, are at risk. Legacy applications or those with inadequate input validation are especially vulnerable. Shared hosting environments where multiple applications share the same database connection pool could also be affected.
• java / application: Monitor application logs for SQL errors or unusual query patterns. Use static analysis to find SQL built by string concatenation and connection configurations (URLs or Properties) that set preferQueryMode=simple.
• java / runtime: Use Java profilers or runtime instrumentation to inspect JDBC connection properties and detect preferQueryMode=simple.
• generic web: If the Redshift JDBC driver is used in a web application, review web application firewall (WAF) rules to block suspicious SQL queries.
• database (postgresql): Examine PostgreSQL-style audit logs for unusual SQL queries originating from the Redshift JDBC driver.
EPSS: 0.48% (65th percentile)
The primary mitigation for CVE-2024-32888 is to upgrade to version 2.1.0.28 or later of the Redshift JDBC driver. If an immediate upgrade is not possible because of compatibility issues or breaking changes, remove the preferQueryMode=simple connection property. Removing it reverts the driver to the default extended query mode, which is not vulnerable. Additionally, review application code that interacts with the database to ensure proper parameter validation and sanitization against SQL Injection. Monitor database logs for suspicious SQL queries. After upgrading, confirm the fix by attempting to reproduce the vulnerability with the preferQueryMode=simple property and verifying that the injection is blocked.
Update the Amazon Redshift JDBC driver to version 2.1.0.28 or later. Alternatively, avoid using the `preferQueryMode=simple` connection property. If no query mode is specified, the default extended query mode is used, which is not affected by this vulnerability.
CVE-2024-32888 is a critical SQL Injection vulnerability in the Redshift JDBC driver affecting versions up to 2.1.0.9. It allows attackers to inject malicious SQL code when the preferQueryMode=simple property is enabled, potentially compromising data.
You are affected if you are using Redshift JDBC Driver versions 2.1.0.9 or earlier and have enabled the preferQueryMode=simple connection property. Otherwise, you are not directly affected.
Upgrade to version 2.1.0.28 or later of the Redshift JDBC driver. If immediate upgrading is not possible, disable the preferQueryMode=simple property.
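To turn the exposure criteria above (a driver below the fixed release combined with preferQueryMode=simple, set either in the JDBC URL or in a Properties map) into a repeatable check, here is an added Python example; it is not the advisory's or the Redshift driver's code, and the merge order of URL parameters versus Properties, the case-insensitive property matching, and the sample hostnames are assumptions.

```python
"""Added example (not code from the advisory or the Redshift driver): flag JDBC
configurations exposed to CVE-2024-32888, i.e. a driver version below the fixed
release 2.1.0.28 combined with preferQueryMode=simple, whether the property is
set in the JDBC URL query string or in a Properties map."""
from typing import Optional
from urllib.parse import parse_qs

FIXED_VERSION = "2.1.0.28"  # patched release named in the advisory

def parse_version(text: str) -> tuple:
    """'2.1.0.9' -> (2, 1, 0, 9), so 2.1.0.9 sorts below 2.1.0.28 (string order would not)."""
    return tuple(int(part) for part in text.strip().split("."))

def connection_properties(jdbc_url: str, props: Optional[dict] = None) -> dict:
    """Merge URL query parameters with an explicit Properties map.
    Assumption: explicit Properties override URL parameters and names match case-insensitively."""
    _, _, query = jdbc_url.partition("?")
    merged = {k.lower(): v[-1] for k, v in parse_qs(query).items()}
    for key, value in (props or {}).items():
        merged[key.lower()] = str(value)
    return merged

def assess(driver_version: str, jdbc_url: str, props: Optional[dict] = None) -> dict:
    """Return {'affected': bool, 'reason': str}. The advisory lists <= 2.1.0.9 as affected
    and 2.1.0.28 as fixed; this check conservatively treats anything below the fix as unpatched."""
    mode = connection_properties(jdbc_url, props).get("preferquerymode", "").lower()
    unpatched = parse_version(driver_version) < parse_version(FIXED_VERSION)
    if unpatched and mode == "simple":
        return {"affected": True, "reason": f"{driver_version} < {FIXED_VERSION} with preferQueryMode=simple"}
    if unpatched:
        return {"affected": False, "reason": f"{driver_version} is unpatched but not in simple mode; upgrade anyway"}
    return {"affected": False, "reason": f"{driver_version} includes the fix"}

def scan(configs: list) -> list:
    """Names of affected entries; each entry is (name, version, jdbc_url, props)."""
    return [name for name, version, url, props in configs if assess(version, url, props)["affected"]]

if __name__ == "__main__":
    # Constructed sample configurations; hostnames are placeholders.
    SAMPLES = [
        ("legacy-etl", "2.1.0.9", "jdbc:redshift://cluster.example:5439/dw?preferQueryMode=simple", None),
        ("reporting", "2.1.0.9", "jdbc:redshift://cluster.example:5439/dw", {"preferQueryMode": "simple"}),
        ("upgraded", "2.1.0.28", "jdbc:redshift://cluster.example:5439/dw?preferQueryMode=simple", None),
    ]
    print("affected:", scan(SAMPLES))
```

Point `scan` at the driver version from your dependency file and the connection strings from your configuration; an entry is only reported when both conditions hold, so a patched driver in simple mode is not flagged.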
There is currently no confirmed evidence of active exploitation, but the vulnerability's severity and nature suggest that exploitation is possible.
Refer to the Amazon Redshift security advisories for the latest information: https://aws.amazon.com/security/security-bulletins/