Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.amazon.redshift/redshift-jdbc42@2.1.0.14
Typemaven
Namespacecom.amazon.redshift
Nameredshift-jdbc42
Version2.1.0.14
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.1.0.28
Latest_non_vulnerable_version2.2.2
Affected_by_vulnerabilities
0
url VCID-psug-g4e4-ubhx
vulnerability_id VCID-psug-g4e4-ubhx
summary 
Amazon JDBC Driver for Redshift SQL Injection via line comment generation
SQL injection is possible when using the non-default connection property `preferQueryMode=simple` in combination with application code which has a vulnerable SQL that negates a parameter value.

There is no vulnerability in the driver when using the default, extended query mode. Note that `preferQueryMode` is not a supported parameter in Redshift JDBC driver, and is inherited code from Postgres JDBC driver. Users who do not override default settings to utilize this unsupported query mode are not affected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-32888
reference_id
reference_type
scores
0
value 0.00479
scoring_system epss
scoring_elements 0.65465
published_at 2026-06-09T12:55:00Z
1
value 0.00479
scoring_system epss
scoring_elements 0.65445
published_at 2026-06-08T12:55:00Z
2
value 0.00479
scoring_system epss
scoring_elements 0.65456
published_at 2026-06-07T12:55:00Z
3
value 0.00479
scoring_system epss
scoring_elements 0.65468
published_at 2026-06-06T12:55:00Z
4
value 0.00479
scoring_system epss
scoring_elements 0.65457
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-32888
1
reference_url https://github.com/aws/amazon-redshift-jdbc-driver
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/aws/amazon-redshift-jdbc-driver
2
reference_url https://github.com/aws/amazon-redshift-jdbc-driver/commit/0d354a5f26ca23f7cac4e800e3b8734220230319
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-15T15:04:35Z/
url https://github.com/aws/amazon-redshift-jdbc-driver/commit/0d354a5f26ca23f7cac4e800e3b8734220230319
3
reference_url https://github.com/aws/amazon-redshift-jdbc-driver/commit/12a5e8ecfbb44c8154fc66041cca2e20ecd7b339
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-15T15:04:35Z/
url https://github.com/aws/amazon-redshift-jdbc-driver/commit/12a5e8ecfbb44c8154fc66041cca2e20ecd7b339
4
reference_url https://github.com/aws/amazon-redshift-jdbc-driver/commit/bc93694201a291493778ce5369a72befeca5ba7d
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-15T15:04:35Z/
url https://github.com/aws/amazon-redshift-jdbc-driver/commit/bc93694201a291493778ce5369a72befeca5ba7d
5
reference_url https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-32888
reference_id CVE-2024-32888
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-32888
7
reference_url https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56
reference_id GHSA-24rp-q3w6-vc56
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-15T15:04:35Z/
url https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56
8
reference_url https://github.com/advisories/GHSA-x3wm-hffr-chwm
reference_id GHSA-x3wm-hffr-chwm
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x3wm-hffr-chwm
9
reference_url https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-x3wm-hffr-chwm
reference_id GHSA-x3wm-hffr-chwm
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-15T15:04:35Z/
url https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-x3wm-hffr-chwm
fixed_packages
0
url pkg:maven/com.amazon.redshift/redshift-jdbc42@2.1.0.28
purl pkg:maven/com.amazon.redshift/redshift-jdbc42@2.1.0.28
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.amazon.redshift/redshift-jdbc42@2.1.0.28
aliases CVE-2024-32888, GHSA-x3wm-hffr-chwm
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-psug-g4e4-ubhx
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.amazon.redshift/redshift-jdbc42@2.1.0.14