A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the get_schemas, get_tables, or get_columns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to driver version 2.1.3.
Metrics
Affected Vendors & Products
References
History
Thu, 26 Dec 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Wed, 25 Dec 2024 03:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 24 Dec 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the get_schemas, get_tables, or get_columns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to driver version 2.1.3. | |
Title | SQL Injection in the Amazon Redshift Python Connector affecting v2.1.4 | |
Weaknesses | CWE-89 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: AMZN
Published: 2024-12-24T16:15:08.718Z
Updated: 2024-12-26T14:18:20.022Z
Reserved: 2024-12-18T01:02:13.095Z
Link: CVE-2024-12745
Vulnrichment
Updated: 2024-12-25T02:38:55.288Z
NVD
Status : Received
Published: 2024-12-24T17:15:08.150
Modified: 2024-12-26T15:15:06.527
Link: CVE-2024-12745
Redhat
No data.