PT-2023-32996 · Unknown · Presto Jdbc

Published

2023-10-03

·

Updated

2023-10-03

CVSS v3.1

7.6

High

Vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Presto JDBC (affected versions not specified)
Description: The Presto JDBC client is vulnerable to Server-Side Request Forgery (SSRF) when it connects to a remote Presto server. In the Presto protocol, each statement response carries a nextUri field that tells the client which URI to request for the next batch of query data. The JDBC client uses that value exactly as supplied. A malicious server, or an attacker who controls the server the client connects to, can therefore set nextUri to an internal address and make the JDBC client request it, which can be used to probe ports reachable from the client's network or to read data from internal services. When the reply is not a valid Presto response, the client includes the response body in the error it raises, so the internal server's response may be exposed through that error.
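The exchange described above, simulated offline in Python. This is an added example written for this page, not the Presto JDBC driver's code (which is Java) and not a published upstream fix. The server URI, query id, statement responses and error text are constructed, and the same-origin check in next_uri_checked is one possible mitigation that is assumed here: it refuses any nextUri whose scheme, host or port differs from the server the client originally connected to.

```python
import json
from urllib.parse import urlsplit

# Origin the client was configured to talk to (hypothetical name).
SERVER_URI = "https://presto.example.com:8443"

# Constructed statement responses, not captured traffic. BENIGN_PAGE is what a
# well-behaved server returns; MALICIOUS_PAGE has the same shape, but its
# nextUri points at a host on the client's internal network.
QUERY_ID = "20231003_000000_00001_abcde"
BENIGN_PAGE = json.dumps({
    "id": QUERY_ID,
    "nextUri": f"{SERVER_URI}/v1/statement/executing/{QUERY_ID}/1",
    "stats": {"state": "RUNNING"},
})
MALICIOUS_PAGE = json.dumps({
    "id": QUERY_ID,
    "nextUri": "http://10.0.0.5:9200/_cat/indices",
    "stats": {"state": "RUNNING"},
})


class UnexpectedNextUri(ValueError):
    """A server-supplied nextUri that does not stay on the server's origin."""


def origin(uri):
    """Normalise a URI to (scheme, host, port), filling in the default port."""
    parts = urlsplit(uri)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise UnexpectedNextUri(f"unsupported or hostless URI: {uri!r}")
    default_port = 443 if parts.scheme == "https" else 80
    port = parts.port if parts.port is not None else default_port
    return (parts.scheme, parts.hostname.lower(), port)


def next_uri_unchecked(page_body):
    """Vulnerable behaviour: follow nextUri exactly as the server sent it."""
    return json.loads(page_body).get("nextUri")


def next_uri_checked(server_uri, page_body):
    """Hardened behaviour (assumed mitigation): follow nextUri only if it stays
    on the origin the client connected to. A final page without nextUri
    returns None."""
    uri = json.loads(page_body).get("nextUri")
    if uri is None:
        return None
    if origin(uri) != origin(server_uri):
        raise UnexpectedNextUri(f"nextUri {uri!r} is not on {server_uri!r}")
    return uri


def rejects(server_uri, page_body):
    """True if the hardened check refuses the page's nextUri."""
    try:
        next_uri_checked(server_uri, page_body)
    except UnexpectedNextUri:
        return True
    return False


def unexpected_response_error(status, body, include_body):
    """Error text for a non-Presto reply fetched from a nextUri (constructed
    wording). Echoing the body, as the advisory describes, exposes whatever the
    internal host answered; the hardened variant reports only the status."""
    message = f"Error fetching next (status {status})"
    return f"{message}: {body}" if include_body else message


if __name__ == "__main__":
    print("vulnerable client would fetch:", next_uri_unchecked(MALICIOUS_PAGE))
    print("hardened client follows:", next_uri_checked(SERVER_URI, BENIGN_PAGE))
    print("hardened client rejects malicious page:", rejects(SERVER_URI, MALICIOUS_PAGE))
    internal_reply = '{"cluster_name":"internal-logs"}'  # constructed reply from 10.0.0.5
    print(unexpected_response_error(200, internal_reply, include_body=True))
    print(unexpected_response_error(200, internal_reply, include_body=False))
```

Comparing full origins rather than just hostnames matters: a nextUri on the Presto host but a different port would still let the server steer the client at other services on that machine, so it is rejected too.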
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SSRF

Weakness Enumeration

Related Identifiers

GHSA-86Q5-QCJC-7PV4

Affected Products

Presto Jdbc