A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30.
Metrics
Affected Vendors & Products
References
History
Thu, 26 Dec 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Wed, 25 Dec 2024 03:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 24 Dec 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30. | |
Title | SQL Injection in the Amazon Redshift JDBC Driver affecting v2.1.0.31 | |
Weaknesses | CWE-89 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: AMZN
Published: 2024-12-24T16:12:51.304Z
Updated: 2024-12-26T14:18:13.411Z
Reserved: 2024-12-18T01:02:10.694Z
Link: CVE-2024-12744
Vulnrichment
Updated: 2024-12-25T02:38:57.900Z
NVD
Status : Received
Published: 2024-12-24T17:15:07.940
Modified: 2024-12-26T15:15:06.290
Link: CVE-2024-12744
Redhat
No data.