High severityNVD Advisory· Published Dec 24, 2024· Updated Oct 14, 2025
SQL Injection in the Amazon Redshift JDBC Driver affecting v2.1.0.31
CVE-2024-12744
Description
A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.amazon.redshift:redshift-jdbc42Maven | >= 2.1.0.31, < 2.1.0.32 | 2.1.0.32 |
Affected products
2- Range: 2.1.0.31
Patches
Vulnerability mechanics
References
6- github.com/aws/amazon-redshift-jdbc-driver/releases/tag/v2.1.0.32ghsapatchWEB
- aws.amazon.com/security/security-bulletins/AWS-2024-015/mitrevendor-advisory
- github.com/advisories/GHSA-8596-2jgr-ppj7ghsaADVISORY
- github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-8596-2jgr-ppj7ghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2024-12744ghsaADVISORY
- aws.amazon.com/security/security-bulletins/AWS-2024-015ghsaWEB
News mentions
0No linked articles in our index yet.