CVE-2024-12744: Amazon Redshift JDBC Driver vulnerable to SQL Injection

December 26, 2024

A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via schema injection in the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30.

References

aws.amazon.com/security/security-bulletins/AWS-2024-015
github.com/advisories/GHSA-8596-2jgr-ppj7
github.com/aws/amazon-redshift-jdbc-driver
github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-8596-2jgr-ppj7
nvd.nist.gov/vuln/detail/CVE-2024-12744

Code Behaviors & Features

Detect and mitigate CVE-2024-12744 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →