How can organizations protect themselves from CVE-2024-1597?

Update your dependencies! Make sure all of your Java applications are using a patched version of the PostgreSQL JDBC driver. As a best practice, avoid using thepreferQueryMode=simple setting unless you have a very specific and understood reason to do so. Regular code and dependency scanning is essential.

CVE-2024-1597 Vulnerability

Published: 12/16/2025

Written by: Nadine Rozell

What is CVE-2024-1597 Vulnerability?

CVE-2024-1597 is a critical SQL injection vulnerability found in the PostgreSQL JDBC (Java Database Connectivity) Driver. This driver is the go-to for Java applications that need to talk to a PostgreSQL database. The vulnerability allows an attacker to inject malicious SQL code when using a specific, non-default connection mode. A successful exploit can lead to authentication bypass and arbitrary code execution on the database server.

When was it discovered?

The vulnerability was disclosed on February 20, 2024. The PostgreSQL JDBC driver development team released patched versions to address the flaw. The bug affects a less common connection mode, but its severity means that anyone using it is at high risk. It's a classic example of how even niche configurations can have massive security implications.

Affected Products & Versions

Product	Versions Affected	Fixed Versions / Patch Links
pgjdbc - PostgreSQL JDBC Driver	42.7.x before 42.7.242.6.x before 42.6.142.5.x before 42.5.542.4.x before 42.4.442.3.x before 42.3.942.2.x before 42.2.28	42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, 42.2.28 and later

CVE-2024-1597 technical description

The vulnerability exists specifically when the preferQueryMode=simple parameter is used in the JDBC connection string. In this mode, the driver does not properly sanitize user input, creating an opening for SQL injection. An attacker can craft a username or other connection parameter containing malicious SQL syntax. When the application attempts to connect to the database, this malicious syntax is executed directly, allowing the attacker to bypass authentication, run arbitrary queries, and potentially execute commands on the underlying operating system through database functions.

Tactics, Techniques & Procedures (TTPs)

An attacker would first need to find a Java application that connects to a PostgreSQL database using a vulnerable version of the JDBC driver and the preferQueryMode=simple setting. They would then inject a malicious SQL payload into a user-controllable field, like a username field on a login page. This payload could be designed to log them in without a password, exfiltrate data from tables, or drop a shell to gain control of the server.

Indicators of Compromise

Detection involves looking for unusual or malformed SQL queries in your PostgreSQL logs. Specifically, look for queries originating from application connection attempts that contain unexpected SQL commands or logic (e.g., OR 1=1). Monitoring application logs for suspicious connection strings containing SQL injection payloads is also key. An abnormal spike in database errors related to syntax could also be an indicator of failed injection attempts.

Known Proof-of-Concepts & Exploits

Proof-of-concept exploits are publicly available and demonstrate how to bypass authentication with a specially crafted username. For example, a username like ' a=1; followed by a malicious SQL query can trick the system. While not as widely exploited in the wild as some other vulnerabilities, its public documentation makes it an easy tool for any attacker targeting a misconfigured Java application.

How to detect CVE-2024-1597 Vulnerability?

The best way to detect this is to audit your applications. Check all your Java projects to see which version of the PostgreSQL JDBC driver they use. If you find a vulnerable version, you must then check if any of your database connection strings use the preferQueryMode=simple parameter. Software Composition Analysis (SCA) tools are great for identifying outdated dependencies like this across your codebase.

Impact & risk of CVE-2024-1597 Vulnerability

The impact is critical for any application using the vulnerable configuration. A successful exploit gives an attacker direct access to your database. This can lead to a catastrophic data breach, data corruption, or complete server compromise. Since databases are often the crown jewels of an organization, holding customer data, financial records, and intellectual property, the risk is about as high as it gets.

Mitigation & remediation strategies

The number one fix is to update your PostgreSQL JDBC driver to a patched version. This is non-negotiable. If for some reason you absolutely cannot update the driver, the immediate workaround is to stop using preferQueryMode=simple. The default mode (extended) is not vulnerable to this specific attack. However, relying on this workaround is a temporary fix at best. Patching the library is the only way to be truly secure.

CVE-2024-1597 Vulnerability FAQs

CVE-2024-1597 is a SQL injection vulnerability in the PostgreSQL JDBC driver. It lets an attacker inject malicious SQL code when a Java application connects to a database using a specific, insecure mode (preferQueryMode=simple), which can lead to authentication bypass.

It doesn't "infect" a system but exploits a flaw in how the application communicates with the database. An attacker provides a malicious input (like a username) that contains SQL commands. The vulnerable driver then executes these commands on the database, giving the attacker control.

Yes. Any application running an old, vulnerable version of the JDBC driver with the specific insecure setting is at risk. Attackers know that developers don't always update dependencies, so they will continue to look for this easy-to-exploit flaw.