CVE-2024-12746

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-12746

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-12746.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-12746

Aliases

GHSA-g63m-5vjv-wr3v

Published

2024-12-24T17:15:08.353Z

Modified

2026-03-14T15:02:55.613170Z

Severity

8.6 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 (Windows or Linux) allows a user to gain escalated privileges via the SQLTables or SQLColumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.6.0 or revert to driver version 2.1.4.0.

References

Affected packages

Git / github.com/aws/amazon-redshift-odbc-driver

Affected ranges

Type: GIT
Repo: https://github.com/aws/amazon-redshift-odbc-driver
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ffd6c87492547a6da9f6c55474155f0295fe1fff

Affected versions

v2.*

v2.0.0.1

v2.0.0.11

v2.0.0.3

v2.0.0.5

v2.0.0.6

v2.0.0.7

v2.0.0.8

v2.0.0.9

v2.0.1.0

v2.1.0.0

v2.1.1

v2.1.2

v2.1.3

v2.1.4

v2.1.5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-12746.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.1.5.0"
            }
        ]
    }
]