VYPR

Maven package

com.amazon.redshift/redshift-jdbc42

pkg:maven/com.amazon.redshift/redshift-jdbc42

Vulnerabilities (4)

  • CVE-2026-8178HigMay 8, 2026
    affected < 2.2.2fixed 2.2.2

    An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in th

  • CVE-2024-12744Dec 24, 2024
    affected >= 2.1.0.31, < 2.1.0.32fixed 2.1.0.32

    A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30.

  • CVE-2024-32888CriMay 15, 2024
    affected < 2.1.0.28fixed 2.1.0.28

    The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs) available in the Java Platform, Enterprise Editions. Prior to version 2.1.0.28, SQL injection is possible when using the

  • CVE-2022-41828Sep 29, 2022
    affected < 2.1.0.8fixed 2.1.0.8

    In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name.