AWS Redshift JDBC Driver fails to validate class type during object instantiation
High severity
GitHub Reviewed
Published
Sep 30, 2022
to the GitHub Advisory Database
•
Updated Jan 28, 2023
Package
Affected versions
< 2.1.0.8
Patched versions
2.1.0.8
Description
Published by the National Vulnerability Database
Sep 29, 2022
Published to the GitHub Advisory Database
Sep 30, 2022
Reviewed
Sep 30, 2022
Last updated
Jan 28, 2023
In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name. This issue has been fixed in version 2.1.0.8.
References