Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS01YzZxLWY3ODMtaDg4OM4AAvHY
AWS Redshift JDBC Driver fails to validate class type during object instantiation
In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name. This issue has been fixed in version 2.1.0.8.
Permalink: https://github.com/advisories/GHSA-5c6q-f783-h888JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01YzZxLWY3ODMtaDg4OM4AAvHY
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 12 months ago
Updated: 8 months ago
CVSS Score: 8.1
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-5c6q-f783-h888
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-41828
- https://github.com/aws/amazon-redshift-jdbc-driver/commit/40b143b4698faf90c788ffa89f2d4d8d2ad068b5
- https://github.com/aws/amazon-redshift-jdbc-driver/commit/9999659bbc9f3d006fb02a0bf39d5bcf3b503605
- https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-jc69-hjw2-fm86
- https://github.com/advisories/GHSA-5c6q-f783-h888
Affected Packages
maven:com.amazon.redshift:redshift-jdbc42
Versions: < 2.1.0.8Fixed in: 2.1.0.8