Amazon Redshift Jdbc Driver
Monthly
Remote code execution in Amazon Redshift JDBC Driver versions prior to 2.2.2 allows unauthenticated network attackers to execute arbitrary code by manipulating JDBC connection URL parameters under high-complexity conditions. The driver can be exploited to load and execute arbitrary classes from the application's classpath when specific connection URL parameters are controlled by an attacker. AWS released patch version 2.2.2 with GHSA advisory GHSA-wmmv-vvg5-993q. CVSS 9.2 (Critical) reflects high impact across confidentiality, integrity, and availability, though attack complexity is high and attack vector prerequisites are present.
Remote code execution in Amazon Redshift JDBC Driver versions prior to 2.2.2 allows unauthenticated network attackers to execute arbitrary code by manipulating JDBC connection URL parameters under high-complexity conditions. The driver can be exploited to load and execute arbitrary classes from the application's classpath when specific connection URL parameters are controlled by an attacker. AWS released patch version 2.2.2 with GHSA advisory GHSA-wmmv-vvg5-993q. CVSS 9.2 (Critical) reflects high impact across confidentiality, integrity, and availability, though attack complexity is high and attack vector prerequisites are present.