software.amazon.jdbc:aws-advanced-jdbc-wrapper@4.0.0

latest version

4.0.1

latest non vulnerable version

4.0.1

first published

3 years ago

latest version published

1 months ago

licenses detected

Apache-2.0
[1.0.0,)

package registry

View on Maven Central Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the software.amazon.jdbc:aws-advanced-jdbc-wrapper package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Untrusted Search Path software.amazon.jdbc:aws-advanced-jdbc-wrapper is an Amazon Web Services (AWS) Advanced JDBC Wrapper Affected versions of this package are vulnerable to Untrusted Search Path in the `GlobalAuroraPgDialect`, which is included in the public schema. A low-privileged user can elevate privileges to rds_superuser by creating a malicious function that executes when another user connects to the cluster through the affected wrapper. How to fix Untrusted Search Path? Upgrade `software.amazon.jdbc:aws-advanced-jdbc-wrapper` to version 4.0.1 or higher.	[3.0.0,4.0.1)

Untrusted Search Path

software.amazon.jdbc:aws-advanced-jdbc-wrapper is an Amazon Web Services (AWS) Advanced JDBC Wrapper

Affected versions of this package are vulnerable to Untrusted Search Path in the GlobalAuroraPgDialect, which is included in the public schema. A low-privileged user can elevate privileges to rds_superuser by creating a malicious function that executes when another user connects to the cluster through the affected wrapper.

How to fix Untrusted Search Path?

Upgrade software.amazon.jdbc:aws-advanced-jdbc-wrapper to version 4.0.1 or higher.

[3.0.0,4.0.1)

Go back to all versions of this package