GHSA-29h4-r29x-hchv

Source
https://github.com/advisories/GHSA-29h4-r29x-hchv
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-29h4-r29x-hchv/GHSA-29h4-r29x-hchv.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-29h4-r29x-hchv
Aliases
  • CVE-2026-8838
Downstream
Related
Published
2026-05-29T19:32:28Z
Modified
2026-06-02T21:46:43.990876636Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection
Details

Summary

amazon-redshift-python-driver is the official Python connector for Amazon Redshift. In versions 2.1.13 and earlier, the driver insufficiently validates data received from the server during query result processing. A rogue server or man-in-the-middle could leverage this to execute arbitrary code on the client.

Impact

When a client connects to a rogue server implementing the PostgreSQL wire protocol, the server can send specially crafted query responses that the driver processes without adequate input validation. This could result in arbitrary code execution in the client process, potentially enabling command execution, file system access, or credential theft with the privileges of the client application.

Impacted versions: <=2.1.13

Patches

This has been addressed in amazon-redshift-python-driver version 2.1.14 (https://github.com/aws/amazon-redshift-python-driver/releases/tag/v2.1.14). Amazon Redshift recommends upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes.
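The remediation above reduces to one check: is the installed redshift-connector older than 2.1.14? The following is an added example, not code from the advisory or from the driver project, that encodes the advisory's affected range (introduced 0, fixed 2.1.14, i.e. every release up to and including 2.1.13) and reports whether a given or installed version falls inside it. It assumes versions are dotted numeric strings in the style listed on this page (2.0.384 through 2.1.13) and that the distribution name on PyPI is redshift-connector, as the Affected packages section states; the helper names are this example's own.

```python
# Added example (not the advisory's or the driver's own code): decide whether a
# redshift-connector version is inside the affected range of GHSA-29h4-r29x-hchv.
# Assumption: versions are PEP 440-style dotted numerics; pre-release suffixes
# such as "rc1" are dropped before comparison.
import re
from importlib import metadata

FIXED_VERSION = "2.1.14"  # first fixed release named in the advisory


def parse_version(v: str) -> tuple:
    """Turn '2.1.13' or '2.0.918' into a comparable tuple of ints.

    Trailing non-numeric suffixes are ignored; a string with no leading
    numeric component raises ValueError instead of silently comparing as safe.
    """
    m = re.match(r"^\s*v?(\d+(?:\.\d+)*)", v)
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `version` is below the fixed release.

    The advisory's range has no lower bound ("introduced 0"), so every
    release earlier than `fixed` counts as affected.
    """
    return parse_version(version) < parse_version(fixed)


def installed_status(dist: str = "redshift-connector") -> dict:
    """Look up the installed distribution and classify it.

    Returns installed=False when the package is absent from this environment,
    so the check can run unchanged on hosts that never had the driver.
    """
    try:
        ver = metadata.version(dist)
    except metadata.PackageNotFoundError:
        return {"installed": False, "version": None, "affected": False}
    return {"installed": True, "version": ver, "affected": is_affected(ver)}


if __name__ == "__main__":
    # Constructed sample versions taken from the page's affected-version list,
    # plus the fixed release and a later one.
    for v in ("2.0.384", "2.0.918", "2.1.13", "2.1.14"):
        print(f"{v}: {'affected' if is_affected(v) else 'fixed'}")
    print(installed_status())
```

Running the script in the same interpreter the client application uses answers the question for that host; in a dependency manifest the equivalent constraint is `redshift-connector>=2.1.14`. Because the range is open at the bottom, the comparison only needs the upper bound, which is why the function takes `fixed` rather than a pair of bounds.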

References

If there are any questions or comments about this advisory, contact AWS Security via the issue reporting page or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.

Acknowledgement

Amazon Redshift would like to thank Kexin Chen (@ckx-sec) for collaborating through the coordinated disclosure process.

Database specific
{
    "github_reviewed_at": "2026-05-29T19:32:28Z",
    "nvd_published_at": "2026-05-18T21:16:41Z",
    "severity": "CRITICAL",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-94"
    ]
}
References

Affected packages

PyPI / redshift-connector

Package

Name
redshift-connector
Purl
pkg:pypi/redshift-connector

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2.1.14

Affected versions

2.*
2.0.384
2.0.389
2.0.393
2.0.399
2.0.405
2.0.659
2.0.711
2.0.872
2.0.873
2.0.874
2.0.875
2.0.876
2.0.877
2.0.878
2.0.879
2.0.880
2.0.881
2.0.882
2.0.883
2.0.884
2.0.885
2.0.886
2.0.887
2.0.888
2.0.889
2.0.900
2.0.901
2.0.902
2.0.903
2.0.904
2.0.905
2.0.906
2.0.907
2.0.908
2.0.909
2.0.910
2.0.911
2.0.912
2.0.913
2.0.914
2.0.915
2.0.916
2.0.917
2.0.918
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.10
2.1.11
2.1.12
2.1.13

Database specific

last_known_affected_version_range
"<= 2.1.13"
source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-29h4-r29x-hchv/GHSA-29h4-r29x-hchv.json"