{"id":"CVE-2024-12745","details":"A SQL injection vulnerability in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the get_schemas, get_tables, or get_columns Metadata APIs. Users should upgrade to driver version 2.1.5 or revert to driver version 2.1.3.","aliases":["GHSA-8gc2-vq6m-rwjw"],"modified":"2026-03-14T15:02:52.813395Z","published":"2024-12-24T17:15:08.150Z","related":["CGA-79p8-gxff-v32q"],"references":[{"type":"ADVISORY","url":"https://aws.amazon.com/security/security-bulletins/AWS-2024-015/"},{"type":"ADVISORY","url":"https://github.com/aws/amazon-redshift-python-driver/releases/tag/v2.1.5"},{"type":"ADVISORY","url":"https://github.com/aws/amazon-redshift-python-driver/security/advisories/GHSA-8gc2-vq6m-rwjw"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/aws/amazon-redshift-python-driver","events":[{"introduced":"0"},{"last_affected":"85eadfb316c691c7ed74a819e123d7e1869a1cee"},{"fixed":"287359102590d8a4d8181708febc9792fc487e27"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.1.4"}]}}],"versions":["2.0.905","v2.0.384","v2.0.389","v2.0.393","v2.0.399","v2.0.405","v2.0.659","v2.0.711","v2.0.872","v2.0.873","v2.0.874","v2.0.875","v2.0.876","v2.0.877","v2.0.878","v2.0.879","v2.0.880","v2.0.881","v2.0.882","v2.0.883","v2.0.884","v2.0.885","v2.0.886","v2.0.887","v2.0.888","v2.0.889","v2.0.900","v2.0.901","v2.0.902","v2.0.903","v2.0.904","v2.0.906","v2.0.908","v2.0.909","v2.0.910","v2.0.911","v2.0.912","v2.0.913","v2.0.914","v2.0.915","v2.0.916","v2.0.917","v2.0.918","v2.1.0","v2.1.1","v2.1.2","v2.1.3","v2.1.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-12745.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"}]}