19 matches found
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Overview Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the processing of JDBC connection URL parameters. An attacker can execute arbitrary code by supplying a crafted connection URL that causes the loading...
CVE-2026-8178
The CVE concerns the Amazon Redshift JDBC Driver (versions prior to 2.2.2). Under certain conditions, processing JDBC connection URL parameters could trigger loading and execution of arbitrary classes, allowing an attacker who can influence the connection URL to run code in the application contex...
CVE-2026-32140
Dataease (open source data visualization tool) Before version 2.10.20 is vulnerable via the Redshift JDBC driver where the IniFile parameter can be exploited to load an attacker-controlled configuration file. The getJdbcIniFile discovery mechanism can, if not restricted, locate rsjdbc.ini and, in...
CVE-2026-32140 Dataease: Redshift JDBC RCE Bypass
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code...
CVE-2026-32140 Dataease: Redshift JDBC RCE Bypass
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code...
CVE-2025-53004
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...
CVE-2025-53006 Dataease PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg" with similar functionality. The difference li...
CVE-2025-53004 Dataease Redshift Data Source JDBC Connection Parameters Bypass Vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...
RedShift JDBC Driver < 2.1.0.32 (CVE-2024-12744)
The Amazon Redshift JDBC Driver, version 2.1.0.31, is affected by CVE-2024-12744, a SQL injection issue when utilizing the getschemas, gettables, or getcolumns Metadata APIs. This issue has been addressed in driver version 2.1.0.32. We recommend customers upgrade to the driver version 2.1.0.32 or...
RedShift JDBC Installed
Binary data redshiftjdbcinstalled.nbin...
io.github.josephlbarnett:db (>=3.2.340 <=3.2.379), us.fatehi:schemacrawler-cassandra (>=16.23.1 <=16.23.2) +10 more potentially affected by CVE-2024-12744 via com.amazon.redshift:redshift-jdbc42 (=2.1.0.31)
com.amazon.redshift:redshift-jdbc42 MAVEN version =2.1.0.31 is affected by a known vulnerability. The following packages have a transitive dependency on com.amazon.redshift:redshift-jdbc42 and may be impacted: - io.github.josephlbarnett:db =3.2.340, =16.23.1, =16.23.1, =16.23.1, =16.23.1, =16.23....
CVE-2024-12744
A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30...
GHSA-X3WM-HFFR-CHWM Amazon JDBC Driver for Redshift SQL Injection via line comment generation
Impact SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code which has a vulnerable SQL that negates a parameter value. There is no vulnerability in the driver when using the default, extended query mode. Note that...
PT-2024-24941 · Amazon · Amazon Redshift Jdbc Driver
Name of the Vulnerable Software and Affected Versions: Amazon Redshift JDBC Driver versions prior to 2.1.0.28 Description: The issue allows for SQL injection when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that...
ai.starlake:spark-redshift_2.13 (>=6.5.0 <=6.5.1), ai.starlake:starlake-api_2.13 (>=1.5.8 <=1.5.15) +80 more potentially affected by CVE-2022-41828 via com.amazon.redshift:redshift-jdbc42 (>=2.0.0.3 <=2.1.0.7)
com.amazon.redshift:redshift-jdbc42 MAVEN version =2.0.0.3, =6.5.0, =1.5.8, =2025.34.3, =0.293, =0.293, =5.0.0, =5.1.0, =1.3.0, =1.19.1891, =0.1.15-alpha, =0.1.15-alpha, =0.1.15-alpha, =3.2.171, =6.0.0-spark3.3, =0.2.8, =0.17.0 and more Source cves: CVE-2022-41828 Source advisory:...
CVE-2022-30240
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift JDBC Driver 1.2.40 through 1.2.55 may allow a local user to execute code. NOTE: this is different from CVE-2022-29972...
CVE-2022-30240
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift JDBC Driver 1.2.40 through 1.2.55 may allow a local user to execute code. NOTE: this is different from CVE-2022-29972...
CVE-2022-30240
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift JDBC Driver 1.2.40 through 1.2.55 may allow a local user to execute code. NOTE: this is different from CVE-2022-29972...
Magnitude Simba Amazon Redshift JDBC Driver 参数注入漏洞
Magnitude Simba Amazon Redshift JDBC Driver is a JDBC driver from Magnitude, Inc. It provides database connectivity through the standard JDBC Application Programming Interface API provided in the Enterprise Edition of the Java platform. A parameter injection vulnerability exists in Magnitude Simb...