Apache Calcite Avatica JDBC driver `httpclient_impl` connection property can be used as an RCE vector
Description
Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via httpclient_impl connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via arbitrary classes and in rare cases remote code execution. To exploit the vulnerability: 1) the attacker needs to have privileges to control JDBC connection parameters; 2) and there should be a vulnerable class (constructor with URL parameter and ability to execute code) in the classpath. From Apache Calcite Avatica 1.22.0 onwards, it will be verified that the class implements the expected interface before invoking its constructor.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.calcite.avatica:avatica-coreMaven | < 1.22.0 | 1.22.0 |
Affected products
138- osv-coords137 versionspkg:apk/chainguard/hivepkg:apk/chainguard/hive-compatpkg:apk/chainguard/trinopkg:apk/chainguard/trino-configpkg:apk/chainguard/trino-oci-entrypointpkg:apk/chainguard/trino-plugin-accumulopkg:apk/chainguard/trino-plugin-ai-functionspkg:apk/chainguard/trino-plugin-atoppkg:apk/chainguard/trino-plugin-bigquerypkg:apk/chainguard/trino-plugin-blackholepkg:apk/chainguard/trino-plugin-cassandrapkg:apk/chainguard/trino-plugin-clickhousepkg:apk/chainguard/trino-plugin-delta-lakepkg:apk/chainguard/trino-plugin-druidpkg:apk/chainguard/trino-plugin-duckdbpkg:apk/chainguard/trino-plugin-elasticsearchpkg:apk/chainguard/trino-plugin-example-httppkg:apk/chainguard/trino-plugin-exasolpkg:apk/chainguard/trino-plugin-exchange-filesystempkg:apk/chainguard/trino-plugin-exchange-hdfspkg:apk/chainguard/trino-plugin-fakerpkg:apk/chainguard/trino-plugin-functions-pythonpkg:apk/chainguard/trino-plugin-geospatialpkg:apk/chainguard/trino-plugin-google-sheetspkg:apk/chainguard/trino-plugin-hivepkg:apk/chainguard/trino-plugin-http-event-listenerpkg:apk/chainguard/trino-plugin-http-server-event-listenerpkg:apk/chainguard/trino-plugin-hudipkg:apk/chainguard/trino-plugin-icebergpkg:apk/chainguard/trino-plugin-ignitepkg:apk/chainguard/trino-plugin-jmxpkg:apk/chainguard/trino-plugin-kafkapkg:apk/chainguard/trino-plugin-kafka-event-listenerpkg:apk/chainguard/trino-plugin-kinesispkg:apk/chainguard/trino-plugin-kudupkg:apk/chainguard/trino-plugin-lakehousepkg:apk/chainguard/trino-plugin-ldap-group-providerpkg:apk/chainguard/trino-plugin-local-filepkg:apk/chainguard/trino-plugin-lokipkg:apk/chainguard/trino-plugin-mariadbpkg:apk/chainguard/trino-plugin-memorypkg:apk/chainguard/trino-plugin-mlpkg:apk/chainguard/trino-plugin-mongodbpkg:apk/chainguard/trino-plugin-mysqlpkg:apk/chainguard/trino-plugin-mysql-event-listenerpkg:apk/chainguard/trino-plugin-opapkg:apk/chainguard/trino-plugin-openlineagepkg:apk/chainguard/trino-plugin-opensearchpkg:apk/chainguard/trino-plugin-oraclepkg:apk/chainguard/trino-plugin-password-authenticatorspkg:apk/chainguard/trino-plugin-phoenix5pkg:apk/chainguard/trino-plugin-pinotpkg:apk/chainguard/trino-plugin-postgresqlpkg:apk/chainguard/trino-plugin-prometheuspkg:apk/chainguard/trino-plugin-rangerpkg:apk/chainguard/trino-plugin-raptor-legacypkg:apk/chainguard/trino-plugin-redispkg:apk/chainguard/trino-plugin-redshiftpkg:apk/chainguard/trino-plugin-resource-group-managerspkg:apk/chainguard/trino-plugin-session-property-managerspkg:apk/chainguard/trino-plugin-singlestorepkg:apk/chainguard/trino-plugin-snowflakepkg:apk/chainguard/trino-plugin-spooling-filesystempkg:apk/chainguard/trino-plugin-sqlserverpkg:apk/chainguard/trino-plugin-teradata-functionspkg:apk/chainguard/trino-plugin-thriftpkg:apk/chainguard/trino-plugin-tpcdspkg:apk/chainguard/trino-plugin-tpchpkg:apk/chainguard/trino-plugin-verticapkg:apk/wolfi/trinopkg:apk/wolfi/trino-configpkg:apk/wolfi/trino-oci-entrypointpkg:apk/wolfi/trino-plugin-accumulopkg:apk/wolfi/trino-plugin-ai-functionspkg:apk/wolfi/trino-plugin-atoppkg:apk/wolfi/trino-plugin-bigquerypkg:apk/wolfi/trino-plugin-blackholepkg:apk/wolfi/trino-plugin-cassandrapkg:apk/wolfi/trino-plugin-clickhousepkg:apk/wolfi/trino-plugin-delta-lakepkg:apk/wolfi/trino-plugin-druidpkg:apk/wolfi/trino-plugin-duckdbpkg:apk/wolfi/trino-plugin-elasticsearchpkg:apk/wolfi/trino-plugin-example-httppkg:apk/wolfi/trino-plugin-exasolpkg:apk/wolfi/trino-plugin-exchange-filesystempkg:apk/wolfi/trino-plugin-exchange-hdfspkg:apk/wolfi/trino-plugin-fakerpkg:apk/wolfi/trino-plugin-functions-pythonpkg:apk/wolfi/trino-plugin-geospatialpkg:apk/wolfi/trino-plugin-google-sheetspkg:apk/wolfi/trino-plugin-hivepkg:apk/wolfi/trino-plugin-http-event-listenerpkg:apk/wolfi/trino-plugin-http-server-event-listenerpkg:apk/wolfi/trino-plugin-hudipkg:apk/wolfi/trino-plugin-icebergpkg:apk/wolfi/trino-plugin-ignitepkg:apk/wolfi/trino-plugin-jmxpkg:apk/wolfi/trino-plugin-kafkapkg:apk/wolfi/trino-plugin-kafka-event-listenerpkg:apk/wolfi/trino-plugin-kinesispkg:apk/wolfi/trino-plugin-kudupkg:apk/wolfi/trino-plugin-lakehousepkg:apk/wolfi/trino-plugin-ldap-group-providerpkg:apk/wolfi/trino-plugin-local-filepkg:apk/wolfi/trino-plugin-lokipkg:apk/wolfi/trino-plugin-mariadbpkg:apk/wolfi/trino-plugin-memorypkg:apk/wolfi/trino-plugin-mlpkg:apk/wolfi/trino-plugin-mongodbpkg:apk/wolfi/trino-plugin-mysqlpkg:apk/wolfi/trino-plugin-mysql-event-listenerpkg:apk/wolfi/trino-plugin-opapkg:apk/wolfi/trino-plugin-openlineagepkg:apk/wolfi/trino-plugin-opensearchpkg:apk/wolfi/trino-plugin-oraclepkg:apk/wolfi/trino-plugin-password-authenticatorspkg:apk/wolfi/trino-plugin-phoenix5pkg:apk/wolfi/trino-plugin-pinotpkg:apk/wolfi/trino-plugin-postgresqlpkg:apk/wolfi/trino-plugin-prometheuspkg:apk/wolfi/trino-plugin-rangerpkg:apk/wolfi/trino-plugin-raptor-legacypkg:apk/wolfi/trino-plugin-redispkg:apk/wolfi/trino-plugin-redshiftpkg:apk/wolfi/trino-plugin-resource-group-managerspkg:apk/wolfi/trino-plugin-session-property-managerspkg:apk/wolfi/trino-plugin-singlestorepkg:apk/wolfi/trino-plugin-snowflakepkg:apk/wolfi/trino-plugin-spooling-filesystempkg:apk/wolfi/trino-plugin-sqlserverpkg:apk/wolfi/trino-plugin-teradata-functionspkg:apk/wolfi/trino-plugin-thriftpkg:apk/wolfi/trino-plugin-tpcdspkg:apk/wolfi/trino-plugin-tpchpkg:apk/wolfi/trino-plugin-verticapkg:maven/org.apache.calcite.avatica/avatica-core
< 4.0.1-r1+ 136 more
- (no CPE)range: < 4.0.1-r1
- (no CPE)range: < 4.0.1-r1
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 453-r2
- (no CPE)range: < 1.22.0
- Apache Software Foundation/Apache Calcite Avaticav5Range: Apache Calcite Avatica
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-w7f5-jrpr-5c2mghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-36364ghsaADVISORY
- www.openwall.com/lists/oss-security/2022/07/28/1ghsamailing-listx_refsource_MLISTWEB
- github.com/apache/calcite-avatica/commit/0c097b6a685fc1f97f151505a219976f15ed0c4cghsaWEB
- lists.apache.org/thread/5csdj8bv4h3hfgw27okm84jh1j2fyw0cghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.