GHSA-7xw4-g7mm-r4hh
Suggest an improvement- Source
- https://github.com/advisories/GHSA-7xw4-g7mm-r4hh
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/11/GHSA-7xw4-g7mm-r4hh/GHSA-7xw4-g7mm-r4hh.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-7xw4-g7mm-r4hh
- Related
- Published
- 2025-11-13T22:22:28Z
- Modified
- 2025-11-13T22:59:29.947056Z
- Severity
-
- 8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Amazon Web Services Advanced JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance
- Details
-
Description of Vulnerability:
An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users.
AWS recommends for customers to upgrade to the following versions: AWS JDBC Wrapper to v2.6.5 or greater.
Source of Vulnerability Report:
Allistair Ishmael Hakim allistair.hakim@gmail.com
Affected products & versions:
AWS JDBC Wrapper < 2.6.5
Platforms:
MacOS/Windows/Linux
- Database specific
{ "github_reviewed": true, "severity": "HIGH", "cwe_ids": [ "CWE-470" ], "nvd_published_at": null, "github_reviewed_at": "2025-11-13T22:22:28Z" }- References
-
- https://github.com/aws/aws-advanced-jdbc-wrapper/security/advisories/GHSA-7xw4-g7mm-r4hh
- https://github.com/aws/aws-advanced-jdbc-wrapper/commit/b62183b851fa46f891f9fe9c861e9ac2fb7d8b62
- https://github.com/aws/aws-advanced-jdbc-wrapper
- https://github.com/aws/aws-advanced-jdbc-wrapper/releases/tag/2.6.5
Affected packages
Maven / software.amazon.jdbc:aws-advanced-jdbc-wrapper
Package
- Name
- software.amazon.jdbc:aws-advanced-jdbc-wrapper
- View open source insights on deps.dev
- Purl
- pkg:maven/software.amazon.jdbc/aws-advanced-jdbc-wrapper
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.6.5