PT-2024-10194 · Amazon · Amazon Redshift Python Connector
Published: 2024-12-18 · Updated: 2025-12-11 · CVE-2024-12745
CVSS v4.0: 8.6 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Amazon Redshift Python Connector version 2.1.4
Description
A SQL injection in the Amazon Redshift Python Connector allows a user to gain escalated privileges via the get_schemas, get_tables, or get_columns Metadata APIs.
Recommendations
For Amazon Redshift Python Connector version 2.1.4, upgrade to driver version 2.1.5 or revert to driver version 2.1.3. As a temporary workaround, consider restricting access to the get_schemas, get_tables, and get_columns Metadata APIs until a patch is applied.
Fix
SQL injection
Affected Products
Amazon Redshift Python Connector