oss-sec mailing list archives

CVE-2023-49198: Apache SeaTunnel Web: Arbitrary file read vulnerability


From: Jun Gao <gaojun2048 () apache org>
Date: Wed, 21 Aug 2024 02:42:21 +0000

Severity: important

Affected versions:

- Apache SeaTunnel Web 1.0.0

Description:

MySQL security vulnerability in Apache SeaTunnel.

Attackers can read files on the MySQL server by modifying the information in the MySQL URL:

 allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360

This issue affects Apache SeaTunnel: 1.0.0.

Users are recommended to upgrade to version [1.0.1], which fixes the issue.

Credit:

jiahua huang (reporter)

References:

https://lists.apache.org/thread/nprwwhh2t9r91lg6kxcgqz2xzq34ojbs
https://seatunnel.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-49198
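
Added example, not part of the advisory and not SeaTunnel's own code: a check that an application accepting user-supplied MySQL JDBC URLs could run before opening a connection, flagging the local-infile properties shown in the URL fragment above. The function names, the reject-on-presence policy and the sample URLs are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Connector/J properties that appear in the advisory's URL fragment and
# control client-side LOAD DATA LOCAL INFILE handling.
RISKY_PROPERTIES = (
    "allowLoadLocalInfile",
    "allowUrlInLocalInfile",
    "allowLoadLocalInfileInPath",
)


def fully_decode(text, max_rounds=5):
    """Percent-decode repeatedly so encoded property names are still seen."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def find_risky_properties(jdbc_url):
    """Return {property: value} for each risky property set in the URL.

    Assumption: names are matched case-insensitively and anywhere in the
    URL, so the query string and the "(host=...,key=value)" host forms
    are both covered. This is stricter than parsing the query string only.
    """
    decoded = fully_decode(jdbc_url)
    found = {}
    for name in RISKY_PROPERTIES:
        pattern = r"(?<![A-Za-z0-9_])" + re.escape(name) + r"\s*=\s*([^&,;)\s]*)"
        match = re.search(pattern, decoded, re.IGNORECASE)
        if match:
            found[name] = match.group(1)
    return found


def is_acceptable(jdbc_url):
    """Policy (assumed): reject a URL that mentions any risky property."""
    return not find_risky_properties(jdbc_url)


# Constructed sample URLs; the host name is a placeholder.
ADVISORY_STYLE = ("jdbc:mysql://db.example.internal:3306/test?allowLoadLocalInfile=true"
                  "&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/"
                  "&maxAllowedPacket=655360")
CLEAN = "jdbc:mysql://db.example.internal:3306/test?useSSL=true"

if __name__ == "__main__":
    for url in (ADVISORY_STYLE, CLEAN):
        print(is_acceptable(url), find_risky_properties(url))
```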

