CVE-2024-12744 HIGH

CVE-2024-12744: SQL Injection in the Amazon Redshift JDBC Driver affecting v2.1.0.31

Vendor Amazon
Product Amazon Redshift JDBC Driver
Weakness CWE-89 · SQLi
Published December 24, 2024
Last update October 14, 2025

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30.

Key dates

02Disclosure timeline

December 24, 2024 CVE published
October 14, 2025 Record updated