4 matches found
Security Bulletin: IBM® Db2® Federated is affected by a vulnerability in the consumed open source presto-jdbc library that may lead to information disclosure
Summary: IBM® Db2® Federated is affected by a vulnerability in the consumed open source presto-jdbc library that may lead to information disclosure. Vulnerability Details: IBM X-Force ID: 268195. DESCRIPTION: Presto is vulnerable to server-side request forgery, caused by improper validation of the...
GHSA-86Q5-QCJC-7PV4 Presto JDBC Server-Side Request Forgery by nextUri
Summary: Presto JDBC is vulnerable to Server-Side Request Forgery (SSRF) when connecting to a remote Presto server. An attacker can modify the nextUri parameter in the response content to point to an internal server, which the Presto JDBC client will request next, and view sensitive information from highly sensitive internal...
PT-2023-32996 · Unknown · Presto Jdbc
Name of the Vulnerable Software and Affected Versions: Presto JDBC (affected versions not specified). Description: The issue allows for Server-Side Request Forgery (SSRF) when connecting to a remote Presto server. An attacker can modify the nextUri parameter to point to an internal server, causing the...
PT-2023-33073 · Okhttp +1 · Okhttp +1
Name of the Vulnerable Software and Affected Versions: Presto JDBC (affected versions not specified). Description: Presto JDBC is vulnerable to Server-Side Request Forgery (SSRF) when connecting to a remote Presto server. An attacker can construct a redirect response that the Presto JDBC client will...