CVE-2024-12746

Source
https://cve.org/CVERecord?id=CVE-2024-12746
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-12746.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-12746
Aliases
  • GHSA-g63m-5vjv-wr3v
Published
2024-12-24T16:16:37.499Z
Modified
2026-07-15T01:49:08.779039410Z
Severity
  • 8.6 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
SQL Injection in the Amazon Redshift ODBC Driver affecting v2.1.5.0
Details

A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 (Windows or Linux) allows a user to gain escalated privileges via the SQLTables or SQLColumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.6.0 or revert to driver version 2.1.4.0.

Database specific
{
    "cna_assigner": "AMZN",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/12xxx/CVE-2024-12746.json",
    "cwe_ids": [
        "CWE-89"
    ],
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "2.1.5.0"
                },
                {
                    "last_affected": "2.1.5.0"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/aws/amazon-redshift-odbc-driver

Affected ranges

Type
GIT
Repo
https://github.com/aws/amazon-redshift-odbc-driver
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}

Affected versions

v2.*
v2.0.0.1
v2.0.0.11
v2.0.0.3
v2.0.0.5
v2.0.0.6
v2.0.0.7
v2.0.0.8
v2.0.0.9
v2.0.1.0
v2.1.0.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-12746.json"