Vulnerability Details CVE-2022-41828
In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.463
EPSS Ranking 97.5%
CVSS Severity
CVSS v3 Score 8.1
References
- https://github.com/aws/amazon-redshift-jdbc-driver/commit/40b143b4698faf90c788ffa89f2d4d8d2ad068b5
- https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-jc69-hjw2-fm86
- https://github.com/aws/amazon-redshift-jdbc-driver/commit/40b143b4698faf90c788ffa89f2d4d8d2ad068b5
- https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-jc69-hjw2-fm86
Products affected by CVE-2022-41828
-
cpe:2.3:a:amazon:amazon_web_services_redshift_java_database_connectivity_driver:2.0.0.1
-
cpe:2.3:a:amazon:amazon_web_services_redshift_java_database_connectivity_driver:2.0.0.2
-
cpe:2.3:a:amazon:amazon_web_services_redshift_java_database_connectivity_driver:2.0.0.3
-
cpe:2.3:a:amazon:amazon_web_services_redshift_java_database_connectivity_driver:2.0.0.4
-
cpe:2.3:a:amazon:amazon_web_services_redshift_java_database_connectivity_driver:2.0.0.5
-
cpe:2.3:a:amazon:amazon_web_services_redshift_java_database_connectivity_driver:2.0.0.6
-
cpe:2.3:a:amazon:amazon_web_services_redshift_java_database_connectivity_driver:2.0.0.7
-
cpe:2.3:a:amazon:amazon_web_services_redshift_java_database_connectivity_driver:2.1.0.1
-
cpe:2.3:a:amazon:amazon_web_services_redshift_java_database_connectivity_driver:2.1.0.2
-
cpe:2.3:a:amazon:amazon_web_services_redshift_java_database_connectivity_driver:2.1.0.3
-
cpe:2.3:a:amazon:amazon_web_services_redshift_java_database_connectivity_driver:2.1.0.4
-
cpe:2.3:a:amazon:amazon_web_services_redshift_java_database_connectivity_driver:2.1.0.5
-
cpe:2.3:a:amazon:amazon_web_services_redshift_java_database_connectivity_driver:2.1.0.6
-
cpe:2.3:a:amazon:amazon_web_services_redshift_java_database_connectivity_driver:2.1.0.7