redshift-jdbc42 is vulnerable to remote code execution. The vulnerability exists because the verifyPeerName
function of MakeSSL.java
does not properly check the class type when instantiating an object from a class name, allowing an attacker to inject and execute malicious code through the object factory.
CPE | Name | Operator | Version |
---|---|---|---|
amazon-redshift-jdbc-driver | le | 2.1.0.7 | |
amazon-redshift-jdbc-driver | le | 2.1.0.7 |
github.com/advisories/GHSA-5c6q-f783-h888
github.com/aws/amazon-redshift-jdbc-driver/commit/40b143b4698faf90c788ffa89f2d4d8d2ad068b5
github.com/aws/amazon-redshift-jdbc-driver/commit/9999659bbc9f3d006fb02a0bf39d5bcf3b503605
github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-jc69-hjw2-fm86