PT-2024-10193 · Amazon · Amazon Redshift Jdbc Driver
Published 2024-12-18 · Updated 2025-10-14 · CVE-2024-12744
CVSS v4.0
8.6 High
Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Amazon Redshift JDBC Driver version 2.1.0.31
Description
A SQL injection issue in the Amazon Redshift JDBC Driver allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. This issue can be exploited by leveraging metadata APIs to retrieve information about database schemas, tables, or columns.
Recommendations
For Amazon Redshift JDBC Driver version 2.1.0.31, upgrade to driver version 2.1.0.32 or revert to driver version 2.1.0.30 to resolve the issue. As a temporary workaround, consider restricting access to the getSchemas, getTables, or getColumns Metadata APIs until a patch is applied.
Fix
SQL injection
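To act on the recommendation above, the first step is finding where driver version 2.1.0.31 is deployed or declared. The scanner below is an added example, not code from the advisory or from Amazon; the jar naming `redshift-jdbc42-<version>.jar`, the artifactId `redshift-jdbc42` and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

VULNERABLE = "2.1.0.31"  # affected version named in the advisory
# Assumed naming (not from the advisory): jars named redshift-jdbc42-<version>.jar
# and the artifactId redshift-jdbc42 in Maven and Gradle build files.
JAR_RE = re.compile(r"^redshift-jdbc\d*-(\d+(?:\.\d+)+)\.jar$", re.I)
MAVEN_RE = re.compile(
    r"<artifactId>\s*redshift-jdbc\d*\s*</artifactId>\s*<version>\s*([^<\s]+)\s*</version>")
GRADLE_RE = re.compile(r"redshift-jdbc\d*:([^'\"\s:@]+)")


def classify(version):
    """Map a version string to 'vulnerable', 'ok' or 'unresolved'."""
    if not re.fullmatch(r"\d+(?:\.\d+)+", version):
        return "unresolved"  # property reference such as ${x}: resolve it by hand
    return "vulnerable" if version == VULNERABLE else "ok"


def scan(root):
    """Return sorted (relative path, version, status) for each driver reference under root."""
    root = Path(root)
    found = []
    for path in (p for p in root.rglob("*") if p.is_file()):
        jar = JAR_RE.match(path.name)
        if jar:
            versions = [jar.group(1)]  # version taken from the jar file name
        elif path.name == "pom.xml":
            versions = MAVEN_RE.findall(path.read_text(errors="replace"))
        elif path.name.startswith("build.gradle"):
            versions = GRADLE_RE.findall(path.read_text(errors="replace"))
        else:
            continue
        rel = path.relative_to(root).as_posix()
        found += [(rel, v, classify(v)) for v in versions]
    return sorted(found)


def demo():
    """Scan a constructed tree: a vulnerable jar, a fixed pom.xml, a Gradle property."""
    with tempfile.TemporaryDirectory() as tmp:
        t = Path(tmp)
        (t / "lib").mkdir()
        (t / "lib" / "redshift-jdbc42-2.1.0.31.jar").write_bytes(b"")
        (t / "pom.xml").write_text("<artifactId>redshift-jdbc42</artifactId><version>2.1.0.32</version>")
        (t / "build.gradle").write_text('implementation "com.amazon.redshift:redshift-jdbc42:${redshiftVersion}"')
        return scan(t)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Entries reported as `unresolved` take their version from a build property, so the scanner cannot decide on them and the property value has to be checked separately.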
Affected Products
Amazon Redshift Jdbc Driver