267 matches found

Vulnrichment
added 2023/03/28 8:2 p.m. · 7 views

CVE-2023-28637 DataEase AWS redshift data source exists for remote code execution vulnerability

DataEase is an open source data visualization analysis tool. In DataEase, users are normally allowed to modify data, and the data sources are expected to properly sanitize data. The AWS redshift data source does not provide data sanitization, which may lead to remote code execution. This vulnerabili...

CVSS 8 · AI score 9 · EPSS 0.0132
Exploits 1 · References 1

OSV
added 2023/03/28 8:2 p.m. · 27 views

CVE-2023-28637 DataEase AWS redshift data source exists for remote code execution vulnerability

DataEase is an open source data visualization analysis tool. In DataEase, users are normally allowed to modify data, and the data sources are expected to properly sanitize data. The AWS redshift data source does not provide data sanitization, which may lead to remote code execution. This vulnerabili...

CVSS 8 · AI score 8.9 · EPSS 0.0132
Exploits 1 · References 3

Positive Technologies
added 2023/03/28 12:0 a.m. · 6 views

PT-2023-21865 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.5 Description: DataEase is an open source data visualization analysis tool where users can modify data, and data sources are expected to sanitize data properly. However, the AWS redshift data source does not...

CVSS 8.8 · AI score 8.8 · EPSS 0.0132
Exploits 1 · References 4

IBM Security Bulletins
added 2023/03/02 3:4 p.m. · 58 views

Security Bulletin: IBM Security Guardium is affected by a redshift-jdbc42-2.0.0.3.jar vulnerability (CVE-2022-41828)

Summary: IBM Security Guardium has fixed this vulnerability. Vulnerability Details: CVEID: CVE-2022-41828 DESCRIPTION: Amazon AWS Redshift JDBC Driver could provide weaker than expected security, caused by failing to check the class type when instantiating an object from a class name in Object Factory...

CVSS 8.8 · AI score 7.8 · EPSS 0.01469
Exploits 1 · Affected Software 1

GithubExploit
added 2022/12/09 10:35 a.m. · 5 views

Exploit for Incorrect Type Conversion or Cast in Amazon Amazon_Web_Services_Redshift_Java_Database_Connectivity_Driver

CVE-2022-41828 Amazon AWS Redshift JDBC Driver Remote Code...

CVSS 8.8 · AI score 8.5 · EPSS 0.01469
Exploits 1

vulnersOsv
added 2022/10/12 6:23 p.m. · 4 views

ai.starlake:spark-redshift_2.13 (>=6.5.0 <=6.5.1), ai.starlake:starlake-api_2.13 (>=1.5.8 <=1.5.15) +80 more potentially affected by CVE-2022-41828 via com.amazon.redshift:redshift-jdbc42 (>=2.0.0.3 <=2.1.0.7)

com.amazon.redshift:redshift-jdbc42 MAVEN version =2.0.0.3, =6.5.0, =1.5.8, =2025.34.3, =0.293, =0.293, =5.0.0, =5.1.0, =1.3.0, =1.19.1891, =0.1.15-alpha, =0.1.15-alpha, =0.1.15-alpha, =3.2.171, =6.0.0-spark3.3, =0.2.8, =0.17.0 and more Source cves: CVE-2022-41828 Source advisory:...

CVSS 8.8 · AI score 7.2 · EPSS 0.01469
Exploits 1

OSV
added 2022/10/12 6:23 p.m. · 1 views

GHSA-JC69-HJW2-FM86 com.amazon.redshift:redshift-jdbc42 vulnerable to remote command execution

Impact: A potential remote command execution issue exists within redshift-jdbc42 versions 2.1.0.7 and below. When plugins are used with the driver, it instantiates plugin instances based on Java class names provided via the sslhostnameverifier, socketFactory, sslfactory, and sslpasswordcallback...

CVSS 7.1 · AI score 6.4 · EPSS 0.01469
Exploits 1 · References 5

Github Security Blog
added 2022/10/12 6:23 p.m. · 33 views

com.amazon.redshift:redshift-jdbc42 vulnerable to remote command execution

Impact: A potential remote command execution issue exists within redshift-jdbc42 versions 2.1.0.7 and below. When plugins are used with the driver, it instantiates plugin instances based on Java class names provided via the sslhostnameverifier, socketFactory, sslfactory, and sslpasswordcallback...

CVSS 8.8 · AI score 8.3 · EPSS 0.01469
Exploits 1 · References 5 · Affected Software 1

Veracode
added 2022/09/30 3:42 a.m. · 49 views

Remote Code Execution (RCE)

redshift-jdbc42 is vulnerable to remote code execution. The vulnerability exists because the verifyPeerName function of MakeSSL.java does not properly check the class type when instantiating an object from a class name, allowing an attacker to inject and execute malicious code through the object...

CVSS 8.1 · AI score 8.3 · EPSS 0.01469
Exploits 1 · References 4 · Affected Software 1

OSV
added 2022/09/30 12:0 a.m. · 2 views

GHSA-5C6Q-F783-H888 Duplicate Advisory: AWS Redshift JDBC Driver fails to validate class type during object instantiation

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-jc69-hjw2-fm86. This link is maintained to preserve external references. Original Description: In Amazon AWS Redshift JDBC Driver aka amazon-redshift-jdbc-driver or redshift-jdbc42 before 2.1.0.8, the Object...

CVSS 8.1 · AI score 7 · EPSS 0.01469
Exploits 1 · References 5

Github Security Blog
added 2022/09/30 12:0 a.m. · 49 views

Duplicate Advisory: AWS Redshift JDBC Driver fails to validate class type during object instantiation

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-jc69-hjw2-fm86. This link is maintained to preserve external references. Original Description: In Amazon AWS Redshift JDBC Driver aka amazon-redshift-jdbc-driver or redshift-jdbc42 before 2.1.0.8, the Object...

CVSS 8.8 · AI score 7 · EPSS 0.01469
Exploits 1 · References 5 · Affected Software 1

NVD
added 2022/09/29 9:15 p.m. · 25 views

CVE-2022-41828

In Amazon AWS Redshift JDBC Driver aka amazon-redshift-jdbc-driver or redshift-jdbc42 before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name...

CVSS 8.8 · EPSS 0.01469
Exploits 1 · References 2

OSV
added 2022/09/29 9:15 p.m. · 20 views

CVE-2022-41828

In Amazon AWS Redshift JDBC Driver aka amazon-redshift-jdbc-driver or redshift-jdbc42 before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name...

CVSS 8.1 · AI score 8.1
Exploits 0 · References 2

Prion
added 2022/09/29 9:15 p.m. · 18 views

Design/Logic Flaw

In Amazon AWS Redshift JDBC Driver aka amazon-redshift-jdbc-driver or redshift-jdbc42 before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name...

CVSS 5.1 · AI score 8 · EPSS 0.01469
Exploits 1 · References 2 · Affected Software 1

CNNVD
added 2022/09/29 12:0 a.m. · 5 views

Amazon AWS Redshift JDBC Driver Code Issue Vulnerability

Amazon AWS is a cloud computing platform from the U.S.-based Amazon.com that provides a range of services including information technology infrastructure and applications such as storage, databases, computing, machine learning, and more to individuals, businesses, and governments. A security...

CVSS 8.8 · AI score 7.7 · EPSS 0.01469
Exploits 1 · References 4

Vulnrichment
added 2022/09/29 12:0 a.m. · 9 views

CVE-2022-41828

In Amazon AWS Redshift JDBC Driver aka amazon-redshift-jdbc-driver or redshift-jdbc42 before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name...

AI score 8.1 · EPSS 0.01469
Exploits 1 · References 2

Cvelist
added 2022/09/29 12:0 a.m. · 34 views

CVE-2022-41828

In Amazon AWS Redshift JDBC Driver aka amazon-redshift-jdbc-driver or redshift-jdbc42 before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name...

AI score 8.3 · EPSS 0.01469
Exploits 1 · References 2

Positive Technologies
added 2022/09/29 12:0 a.m. · 8 views

PT-2022-26085 · Amazon · Amazon Redshift Jdbc Driver

Name of the Vulnerable Software and Affected Versions: Amazon AWS Redshift JDBC Driver versions prior to 2.1.0.8 Description: The Object Factory in the Amazon AWS Redshift JDBC Driver does not check the class type when instantiating an object from a class name. This issue can lead to a potential...

CVSS 8.8 · AI score 8.2 · EPSS 0.01469
Exploits 1 · References 12

CVE
added 2022/09/29 12:0 a.m. · 91 views

CVE-2022-41828

Summary: CVE-2022-41828 concerns the Amazon AWS Redshift JDBC Driver (redshift-jdbc42) prior to 2.1.0.8, where the Object Factory does not validate the target class type before instantiation, enabling potential remote code execution via crafted class names. Connected documents show concrete detai...

CVSS 8.8 · AI score 7.9 · EPSS 0.01469
Exploits 1 · References 2 · Affected Software 1

hivepro
added 2022/05/13 2:16 a.m. · 173 views

Three zero-days addressed in Microsoft’s May 2022 Patch Tuesday

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Microsoft addressed 74 vulnerabilities in their May 2022 Patch Tuesday Security Update. Three of them are zero-days, and one is being exploited in the wild. The LSA Spoofing vulnerability CVE-2022-26925 is actively exploited i...

CVSS 7.2 · AI score 0.8 · EPSS 0.09823
Exploits 0