CVE-2024-12745
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-12745
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-12745.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-12745
- Aliases
- Related
- Published
- 2024-12-24T17:15:08.150Z
- Modified
- 2025-12-13T04:37:29.101471Z
- Severity
-
- 8.6 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
- Summary
- [none]
- Details
-
A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the getschemas, gettables, or get_columns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to driver version 2.1.3.
- References
Affected packages
Git / github.com/aws/amazon-redshift-python-driver
Affected ranges
- Type
- GIT
- Repo
- https://github.com/aws/amazon-redshift-python-driver
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2.*
2.0.905
v2.*
v2.0.384
v2.0.389
v2.0.393
v2.0.399
v2.0.405
v2.0.659
v2.0.711
v2.0.872
v2.0.873
v2.0.874
v2.0.875
v2.0.876
v2.0.877
v2.0.878
v2.0.879
v2.0.880
v2.0.881
v2.0.882
v2.0.883
v2.0.884
v2.0.885
v2.0.886
v2.0.887
v2.0.888
v2.0.889
v2.0.900
v2.0.901
v2.0.902
v2.0.903
v2.0.904
v2.0.906
v2.0.908
v2.0.909
v2.0.910
v2.0.911
v2.0.912
v2.0.913
v2.0.914
v2.0.915
v2.0.916
v2.0.917
v2.0.918
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4