SQL Injection Vulnerability in Amazon Redshift Python Connector
CVE-2024-12745
8.6 HIGH
Key Information:
- Vendor: Amazon
- CVE Published: 24 December 2024
What is CVE-2024-12745?
A SQL injection vulnerability has been identified in the Amazon Redshift Python Connector version 2.1.4. This flaw can be exploited by a user to gain elevated privileges through the get_schemas, get_tables, or get_columns Metadata APIs. Users are strongly advised to upgrade to version 2.1.5 or roll back to version 2.1.3 to mitigate the risk associated with this vulnerability. For more information, please refer to the security advisory provided by Amazon Web Services.
Affected Version(s)
Amazon Redshift Python Connector 2.1.4
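To check a project against the affected version named above, the following added example (not part of the advisory or of the connector's own code) audits `pip freeze` or requirements-style text for pins of the connector and reports the installed copy. The `SAMPLE` lines are constructed, and the function names are this example's own.

```python
import re
from importlib import metadata

PACKAGE = "redshift-connector"   # PyPI distribution name, normalized form
AFFECTED = {"2.1.4"}             # affected version as stated on this page

# Constructed sample of requirements.txt / `pip freeze` content.
SAMPLE = """\
boto3==1.35.0
Redshift_Connector==2.1.4  # pinned last quarter
redshift-connector[full]==2.1.5 ; python_version >= "3.8"
redshift-connector>=2.1.0
"""

# name, optional [extras], optional operator, optional version
REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*"
                 r"(==|>=|<=|~=|!=|<|>)?\s*([^\s;#,]+)?")

def normalize(name):
    """PEP 503: names compare case-insensitively; '-', '_' and '.' are equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()

def audit_requirements(text):
    """Return (line number, status, requirement) for every connector entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line or line.startswith("-"):     # skip blanks and pip options
            continue
        m = REQ.match(line)
        if not m or normalize(m.group(1)) != PACKAGE:
            continue
        op, version = m.group(2), m.group(3)
        if op == "==":
            status = "affected" if version in AFFECTED else "ok"
        else:
            status = "unpinned"  # resolver picks the version: check the lock file
        findings.append((lineno, status, line))
    return findings

def installed_status():
    """Classify the connector installed in the current environment, if any."""
    try:
        version = metadata.version(PACKAGE)
    except metadata.PackageNotFoundError:
        return "not-installed"
    return "affected" if version in AFFECTED else "ok"

if __name__ == "__main__":
    for finding in audit_requirements(SAMPLE):
        print(finding)
    print("installed:", installed_status())
```

An `unpinned` result is not a pass: the version actually installed depends on when the environment was resolved, so confirm it with `installed_status()` in that environment or against the lock file.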
References
CVSS V4
- Score: 8.6
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Attack Required: None
- Privileges Required: Undefined
- User Interaction: Unknown
Timeline
Vulnerability published
Vulnerability Reserved