Pranav Yogi Lodha created IMPALA-13180:
------------------------------------------
Summary: Upgrade postgresql to 42.5.5 due to CVE-2024-1597
Key: IMPALA-13180
URL: https://issues.apache.org/jira/browse/IMPALA-13180
Project: IMPALA
Issue Type: Task
Reporter: Pranav Yogi Lodha
Upgrade postgresql to 42.5.5 due to CVE-2024-1597
Affected versions of this package are vulnerable to SQL Injection when using
PreferQueryMode=SIMPLE, which is not the default setting. By passing in
a numeric value placeholder immediately preceded by a minus and followed by a
second placeholder for a string value, on the same line, an attacker can
construct a payload that alters the parameterized query into which it is
interpolated. This effectively bypasses the protections against SQL Injection
that parameterized queries offer.
https://security.snyk.io/vuln/SNYK-JAVA-ORGPOSTGRESQL-6252740
https://github.com/advisories/GHSA-24rp-q3w6-vc56
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
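To make the mechanism in the ticket description concrete, the following is an added Python illustration (not pgjdbc's code and not part of the ticket) that models the client-side literal substitution a driver performs in simple query mode, where parameter values are pasted into the SQL text before it is sent rather than bound server-side. The query, the `accounts` table and the attacker-controlled parameter values are constructed for the demonstration; the parenthesised rendering of negative numbers in `render_literal_hardened` is one possible mitigation chosen here, and it is an assumption that this is how the fixed driver versions emit such literals.

```python
"""Model of simple-query-mode parameter interpolation (added example, not pgjdbc code).

In preferQueryMode=simple a driver substitutes literals into the SQL text on the
client before sending it, instead of binding parameters server-side.  The
functions below reproduce that substitution in miniature and show how a numeric
placeholder written as `-?` fuses with a negative value into `--`, the SQL
line-comment marker.  Query, table name and attacker values are constructed.
"""
from typing import Callable, Sequence, Union

Param = Union[int, float, str, bool]


def quote_string(value: str) -> str:
    """Quote a string literal, doubling embedded single quotes.  Newlines are
    legal inside a literal and pass through untouched."""
    return "'" + value.replace("'", "''") + "'"


def render_literal(value: Param) -> str:
    """Naive literal rendering: a negative number becomes e.g. '-1' as-is."""
    if isinstance(value, bool):
        return "TRUE" if value else "FALSE"
    if isinstance(value, (int, float)):
        return str(value)
    return quote_string(value)


def render_literal_hardened(value: Param) -> str:
    """Same, but negative numbers are parenthesised so a '-' that precedes the
    placeholder in the query text cannot combine with the literal's sign.
    (Mitigation chosen for this illustration; it is an assumption that the
    fixed driver versions emit exactly this form.)"""
    text = render_literal(value)
    if isinstance(value, (int, float)) and not isinstance(value, bool) \
            and text.startswith("-"):
        return "(" + text + ")"
    return text


def interpolate(sql: str, params: Sequence[Param],
                render: Callable[[Param], str]) -> str:
    """Replace each '?' with its rendered literal, left to right.  The model
    assumes the query text itself contains no '?' inside literals."""
    parts = sql.split("?")
    if len(parts) - 1 != len(params):
        raise ValueError("placeholder/parameter count mismatch")
    out = [parts[0]]
    for value, rest in zip(params, parts[1:]):
        out.append(render(value))
        out.append(rest)
    return "".join(out)


def render_vulnerable(sql: str, params: Sequence[Param]) -> str:
    return interpolate(sql, params, render_literal)


def render_hardened(sql: str, params: Sequence[Param]) -> str:
    return interpolate(sql, params, render_literal_hardened)


def strip_line_comments(sql: str) -> str:
    """Remove '--' comments up to end of line the way the server lexer would,
    honouring single-quoted literals (with '' escapes).  Enough for the demo;
    dollar quoting and /* */ comments are not modelled."""
    out = []
    i, n, in_string = 0, len(sql), False
    while i < n:
        ch = sql[i]
        if in_string:
            out.append(ch)
            if ch == "'":
                if sql.startswith("'", i + 1):   # escaped quote ''
                    out.append("'")
                    i += 1
                else:
                    in_string = False
        elif ch == "'":
            in_string = True
            out.append(ch)
        elif sql.startswith("--", i):
            nl = sql.find("\n", i)
            i = n if nl == -1 else nl            # keep the newline itself
            continue
        else:
            out.append(ch)
        i += 1
    return "".join(out)


def effective_sql(sql_text: str) -> str:
    """What the server actually parses, with whitespace collapsed for comparison."""
    return " ".join(strip_line_comments(sql_text).split())


# Constructed example: a numeric placeholder preceded by '-' and, on the same
# line, a string placeholder.  The attacker controls both parameter values.
QUERY = "SELECT * FROM accounts WHERE balance = -? AND owner = ?"
ATTACK_PARAMS = (-1, "\n1 OR 1=1 --")

if __name__ == "__main__":
    v = render_vulnerable(QUERY, ATTACK_PARAMS)
    print("sent (naive):    ", repr(v))
    print("server sees:     ", effective_sql(v))   # owner predicate is gone
    h = render_hardened(QUERY, ATTACK_PARAMS)
    print("sent (hardened): ", repr(h))
    print("server sees:     ", effective_sql(h))   # string literal intact
```

With the naive rendering the text sent is `... balance = --1 AND owner = '\n1 OR 1=1 --'`: the `--1` opens a line comment that swallows the rest of that line, including the opening quote of the string literal, so the attacker's second line lands in the query as bare SQL. Note that even a benign negative value breaks such a query in this mode, because the comment eats the remainder of the line. The hardened rendering keeps the `-` and the literal's sign apart and the string literal survives intact. The remediation the ticket proposes, upgrading the driver, and keeping the default extended query mode, where parameters never touch the SQL text, is what removes the problem; the model above only explains why simple mode with this query shape is dangerous.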