Maven package
com.amazon.redshift/redshift-jdbc42
pkg:maven/com.amazon.redshift/redshift-jdbc42
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-8178 | Hig | 8.1 | < 2.2.2 | 2.2.2 | May 8, 2026 | An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in th | |
| CVE-2024-12744 | — | >= 2.1.0.31, < 2.1.0.32 | 2.1.0.32 | Dec 24, 2024 | A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30. | ||
| CVE-2024-32888 | Cri | 10.0 | < 2.1.0.28 | 2.1.0.28 | May 15, 2024 | The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs) available in the Java Platform, Enterprise Editions. Prior to version 2.1.0.28, SQL injection is possible when using the | |
| CVE-2022-41828 | — | < 2.1.0.8 | 2.1.0.8 | Sep 29, 2022 | In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name. |
- affected < 2.2.2fixed 2.2.2
An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in th
- CVE-2024-12744Dec 24, 2024affected >= 2.1.0.31, < 2.1.0.32fixed 2.1.0.32
A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30.
- affected < 2.1.0.28fixed 2.1.0.28
The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs) available in the Java Platform, Enterprise Editions. Prior to version 2.1.0.28, SQL injection is possible when using the
- CVE-2022-41828Sep 29, 2022affected < 2.1.0.8fixed 2.1.0.8
In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name.