Advisories for Pypi/Redshift_connector package

2025

Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin

Amazon Redshift Python Connector is a pure Python connector to Redshift (i.e., driver) that implements the Python Database API Specification 2.0. When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider.

2024

Amazon Redshift Python Connector vulnerable to SQL Injection

A SQL injection in the Amazon Redshift Python Connector in version 2.1.4 allows a user to gain escalated privileges via schema injection in the get_schemas, get_tables, or get_columns Metadata APIs. Users should upgrade to the driver version 2.1.5 or revert to driver version 2.1.3.