Apache Calcite is an open source framework from the Apache Foundation for building database and data management systems.A code injection vulnerability exists in the Apache Calcite Avatica JDBC driver, which stems from the fact that classes are not verified to implement the expected interface before instantiation, and can be exploited by attackers to cause code execution via arbitrary class loading and, in rare cases, remote code execution.