Vulnerability Description
In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amazon | Amazon Web Services Redshift Java Database Connectivity Driver | < 2.1.0.8 |
Related Weaknesses (CWE)
References
- https://github.com/aws/amazon-redshift-jdbc-driver/commit/40b143b4698faf90c788ffPatchThird Party Advisory
- https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-jc69Third Party Advisory
- https://github.com/aws/amazon-redshift-jdbc-driver/commit/40b143b4698faf90c788ffPatchThird Party Advisory
- https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-jc69Third Party Advisory
FAQ
What is CVE-2022-41828?
CVE-2022-41828 is a vulnerability with a CVSS score of 8.1 (HIGH). In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name.
How severe is CVE-2022-41828?
CVE-2022-41828 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-41828?
Check the references section above for vendor advisories and patch information. Affected products include: Amazon Amazon Web Services Redshift Java Database Connectivity Driver.