6 matches found
RedShift Python Connector < 2.1.5 (CVE-2024-12745)
The Amazon Redshift Python Connector, version 2.1.4, is affected by CVE-2024-12745, a SQL injection issue when utilizing the getschemas, gettables, or getcolumns Metadata APIs. This issue has been addressed in driver version 2.1.5. We recommend customers upgrade to the driver version 2.1.5 or...
CVE-2024-12745 vulnerabilities
Vulnerabilities for packages: airflow...
CVE-2024-12745 vulnerabilities
Vulnerabilities for packages: airflow...
CVE-2024-12745
creationtimestamp| type| source ---|---|--- 2024-12-24 16:24:05+00:00| seen| https://infosec.exchange/users/cve/statuses/113708724574832048 2024-12-24 17:15:29+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3le2x3atkgk2a 2024-12-24 19:25:26+00:00| seen|...
CVE-2024-12745
Summary: CVE-2024-12745 affects the Amazon Redshift Python Connector (version 2.1.4). The vulnerability is a SQL injection occurring through the metadata APIs get_schemas, get_tables, and get_columns, potentially enabling elevated privileges. Impact and remediation: Upgrade to driver version 2.1....
CVE-2024-12745 SQL Injection in the Amazon Redshift Python Connector affecting v2.1.4
A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the getschemas, gettables, or getcolumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to driver version 2.1.3...