CVE-2024-12745 HIGH

CVE-2024-12745: SQL Injection in the Amazon Redshift Python Connector affecting v2.1.4

Vendor Amazon

Product Amazon Redshift Python Connector

Weakness CWE-89 · SQLi

Published December 24, 2024

Last update October 14, 2025

View on NVD All CVEs

CVSS base score

8.6/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

Description

A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the get_schemas, get_tables, or get_columns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to driver version 2.1.3.

Key dates

Disclosure timeline

December 24, 2024 CVE published

October 14, 2025 Record updated