CVE-2022-41828: AWS Redshift JDBC Driver fails to validate class type during object instantiation

September 29, 2022 (updated November 7, 2022)

In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name.

References

github.com/advisories/GHSA-5c6q-f783-h888
github.com/aws/amazon-redshift-jdbc-driver/commit/40b143b4698faf90c788ffa89f2d4d8d2ad068b5
github.com/aws/amazon-redshift-jdbc-driver/commit/9999659bbc9f3d006fb02a0bf39d5bcf3b503605
nvd.nist.gov/vuln/detail/CVE-2022-41828

Code Behaviors & Features

Detect and mitigate CVE-2022-41828 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →