Lucene search
Veracode Vulnerability DatabaseVERACODE:37344HistorySep 30, 2022 - 3:42 a.m.
Remote Code Execution (RCE)
2022-09-3003:42:46
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
35
remote code execution
redshift-jdbc42
makessl.java
verifypeername
object factory
software security
0.002 Low
EPSS
Percentile
59.6%
redshift-jdbc42 is vulnerable to remote code execution. The vulnerability exists because the verifyPeerName function of MakeSSL.java does not properly check the class type when instantiating an object from a class name, allowing an attacker to inject and execute malicious code through the object factory.
| CPE | Name | Operator | Version |
|---|---|---|---|
| amazon-redshift-jdbc-driver | le | 2.1.0.7 | |
| amazon-redshift-jdbc-driver | le | 2.1.0.7 |
References
github.com/advisories/GHSA-5c6q-f783-h888
github.com/aws/amazon-redshift-jdbc-driver/commit/40b143b4698faf90c788ffa89f2d4d8d2ad068b5
github.com/aws/amazon-redshift-jdbc-driver/commit/9999659bbc9f3d006fb02a0bf39d5bcf3b503605
github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-jc69-hjw2-fm86
Related
github
github
com.amazon.redshift:redshift-jdbc42 vulnerable to remote command execution
2022-10-12 18:23:36
ibm
ibm
osv
osv
com.amazon.redshift:redshift-jdbc42 vulnerable to remote command execution
2022-10-12 18:23:36
AWS Redshift JDBC Driver fails to validate class type during object instantiation
2022-09-30 00:00:20
CVE-2022-41828
2022-09-29 21:15:12
nvd
nvd
CVE-2022-41828
2022-09-29 21:15:12
cve
cve
CVE-2022-41828
2022-09-29 21:15:12
prion
prion
Design/Logic Flaw
2022-09-29 21:15:00
cvelist
cvelist
CVE-2022-41828
2022-09-29 00:00:00