Homepage

com.amazon.redshift:redshift-jdbc42@2.1.0.12 vulnerabilities

  • latest version

    2.1.0.32

  • latest non vulnerable version

    2.1.0.32

  • first published

    3 years ago

  • latest version published

    15 days ago

  • licenses detected

  • package manager

    View on Maven Repository
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the com.amazon.redshift:redshift-jdbc42 package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • C
    SQL Injection

    Affected versions of this package are vulnerable to SQL Injection when using PreferQueryMode=SIMPLE, which is not the default setting. By passing in a numeric value placeholder immediately preceded by a minus and followed by a second placeholder for a string value, on the same line, an attacker can construct a payload that alters the parameterized query into which it is interpolated. This effectively bypasses the protections against SQL Injection that parameterized queries offer.

    Note:

    This vulnerability is similar to the one in Postgres JDBC: CVE-2024-1597

    How to fix SQL Injection?

    Upgrade com.amazon.redshift:redshift-jdbc42 to version 2.1.0.28 or higher.

    [,2.1.0.28)
    Go back to all versions of this package