Amazon JDBC driver security update advisory for Redshift

May 20 2024

Overview

We have released an update to address a vulnerability in the Amazon JDBC driver for Redshift. users of affected versions are advised to update to the latest version.

Affected Products

Versions of com.amazon.redshift:redshift-jdbc42 prior to 2.1.0.28 (excluded)

Resolved Vulnerabilities

SQL Injection vulnerability when using connection property `preferQueryMode=simple` with application code with vulnerable SQL that invalidates parameter values (CVE-2024-32888)

Vulnerability Patches

Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

Com.amazon.redshift:redshift-jdbc42 version 2.1.0.28

Referenced Sites

[1] CVE-2024-32888 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-32888

[2] SQL Injection via line comment generation

https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-x3wm-hffr-chwm

Amazon JDBC driver security update advisory for Redshift

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Google Chrome browser security update advisory

ManageEngine (PAM360) Product May 2024 Security Update Advisory

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Tags:

Google Chrome browser security update advisory

ManageEngine (PAM360) Product May 2024 Security Update Advisory