Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-12744

A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30.

Published

2024-12-24T17:15:07.940

Last Modified

2025-10-14T19:15:36.217

Status

Modified

Source

ff89ba41-3aa1-4d27-914a-91399e9639e5

Severity

CVSSv3.1: 8.0 (HIGH)

Weaknesses

Type: Secondary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	amazon	amazon_web_services_redshift_java_database_connectivity_driver	2.1.0.31	Yes

References

https://aws.amazon.com/security/security-bulletins/AWS-2024-015/ Vendor Advisory (ff89ba41-3aa1-4d27-914a-91399e9639e5)
https://github.com/aws/amazon-redshift-jdbc-driver/releases/tag/v2.1.0.32 (ff89ba41-3aa1-4d27-914a-91399e9639e5)
https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-8596-2jgr-ppj7 Vendor Advisory (ff89ba41-3aa1-4d27-914a-91399e9639e5)