GHSA-5c6q-f783-h888: Duplicate Advisory: AWS Redshift JDBC Driver fails to validate class type during object instantiation
(updated )
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-jc69-hjw2-fm86. This link is maintained to preserve external references.
Original Description
In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name. This issue has been fixed in version 2.1.0.8.
References
- github.com/advisories/GHSA-5c6q-f783-h888
- github.com/aws/amazon-redshift-jdbc-driver
- github.com/aws/amazon-redshift-jdbc-driver/commit/40b143b4698faf90c788ffa89f2d4d8d2ad068b5
- github.com/aws/amazon-redshift-jdbc-driver/commit/9999659bbc9f3d006fb02a0bf39d5bcf3b503605
- github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-jc69-hjw2-fm86
- nvd.nist.gov/vuln/detail/CVE-2022-41828
Code Behaviors & Features
Detect and mitigate GHSA-5c6q-f783-h888 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →