VDB
CVE-2024-12745
CVE-2024-12745
PUBLISHED
CVSS 8.600000381469727 HIGH
Amazon Redshift Python Connector vulnerable to SQL Injection
EPSS 0.90% · 76.0th percentile
Risk Scores
CVSS v4.0
8.600000381469727
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.90%
76.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amazon | Amazon Redshift Python Connector | 2.1.4, 2.1.4 |
| PyPI | redshift_connector | 2.1.4, 2.1.4, 2.1.4 |
| amazon | redshift_connector | 2.1.4, 2.1.4, 2.1.4 |
Timeline
- Dec 24, 2024 Coalition ESS Score
- Dec 24, 2024 CVE Published
- Dec 24, 2024 PoC Published
- Dec 24, 2024 PoC Published
- Dec 24, 2024 PoC Published
- Dec 25, 2024 EPSS Score
- Dec 26, 2024 PoC Published
- Dec 26, 2024 PoC Published
- Dec 26, 2024 PoC Published
- Dec 27, 2024 PoC Published
- Jan 10, 2025 EPSS Score
- Jan 26, 2025 EPSS Score
References
- https://github.com/aws/amazon-redshift-python-driver/security/advisories/GHSA-8gc2-vq6m-rwjw vendor-advisory
- https://aws.amazon.com/security/security-bulletins/AWS-2024-015/ vendor-advisory
- https://github.com/aws/amazon-redshift-python-driver/releases/tag/v2.1.5 patch
- https://nvd.nist.gov/vuln/detail/CVE-2024-12745 advisory
- https://aws.amazon.com/security/security-bulletins/AWS-2024-015 url
- https://github.com/aws/amazon-redshift-python-driver package