4 matches found
com.netflix.metacat:metacat-connector-redshift (>=1.3.0 <=1.3.1), com.trib3:db (>=1.19.1891 <=3.1.5004) +62 more potentially affected by CVE-2024-32888 via com.amazon.redshift:redshift-jdbc42 (>=2.0.0.3 <=2.1.0.26)
com.amazon.redshift:redshift-jdbc42 MAVEN version =2.0.0.3, =1.3.0, =1.19.1891, =0.1.15-alpha, =0.1.15-alpha, =0.1.15-alpha, =6.0.0-spark3.3, =0.6.0, =359, =3.20.0, =3.20.0, =0.1.5, =0.1.1, =2.59.0, =2.59.0, =3.0.0 and more Source cves: CVE-2024-32888 Source advisory: OSV:GHSA-X3WM-HFFR-CHWM...
Security Bulletin: IBM Security Guardium is affected by a redshift-jdbc42-2.0.0.3.jar vulnerability (CVE-2022-41828)
Summary: IBM Security Guardium has fixed this vulnerability. Vulnerability Details: CVEID: CVE-2022-41828. DESCRIPTION: Amazon AWS Redshift JDBC Driver could provide weaker than expected security, caused by failing to check the class type when instantiating an object from a class name in Object Factory...
com.amazon.redshift:redshift-jdbc42 vulnerable to remote command execution
Impact: A potential remote command execution issue exists within redshift-jdbc42 versions 2.1.0.7 and below. When plugins are used with the driver, it instantiates plugin instances based on Java class names provided via the sslhostnameverifier, socketFactory, sslfactory, and sslpasswordcallback...
Remote Code Execution (RCE)
redshift-jdbc42 is vulnerable to remote code execution. The vulnerability exists because the verifyPeerName function of MakeSSL.java does not properly check the class type when instantiating an object from a class name, allowing an attacker to inject and execute malicious code through the object...