CVE-2024-12745

A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the getschemas, gettables, or getcolumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to driver version 2.1.3...

SQL Injection

Overview redshift-connector is a Redshift interface library Affected versions of this package are vulnerable to SQL Injection via the getschemas, gettables, or getcolumns APIs. An attacker can escalate privileges by injecting a malicious schema and causing a higher privileged user or process to...

redshift_connector 安全漏洞

redshiftconnector is an Amazon Web Services open source Amazon Redshift connector for Python. A security vulnerability exists in redshiftconnector version 2.1.4 that stems from the presence of a SQL injection vulnerability that allows escalated privileges to be gained via the getschemas, gettable...

PT-2024-10193 · Amazon · Amazon Redshift Jdbc Driver

Name of the Vulnerable Software and Affected Versions: Amazon Redshift JDBC Driver version 2.1.0.31 Description: A SQL injection issue in the Amazon Redshift JDBC Driver allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. This issue can be...