CVE-2023-49198

Mysql security vulnerability in Apache SeaTunnel. Attackers can read files on the MySQL server by modifying the information in the MySQL URL allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360 This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version [1.0.1], which fixes the issue.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:seatunnel:1.0.0:*:*:*:*:*:*:*

History

21 Nov 2024, 08:33

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/08/21/2 -

23 Aug 2024, 16:56

Type Values Removed Values Added
First Time Apache seatunnel
Apache
CPE cpe:2.3:a:apache:seatunnel:1.0.0:*:*:*:*:*:*:*
References () https://lists.apache.org/thread/48j9f1nsn037mgzc4j9o51nwglb1s08h - () https://lists.apache.org/thread/48j9f1nsn037mgzc4j9o51nwglb1s08h - Mailing List, Vendor Advisory

21 Aug 2024, 14:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
Summary
  • (es) Vulnerabilidad de seguridad de MySQL en Apache SeaTunnel. Los atacantes pueden leer archivos en el servidor MySQL modificando la información en la URL de MySQL allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360 Este problema afecta a Apache SeaTunnel: 1.0.0. Se recomienda a los usuarios actualizar a la versión [1.0.1], que soluciona el problema.

21 Aug 2024, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-21 10:15

Updated : 2024-11-21 08:33


NVD link : CVE-2023-49198

Mitre link : CVE-2023-49198

CVE.ORG link : CVE-2023-49198


JSON object : View

Products Affected

apache

  • seatunnel
CWE
CWE-552

Files or Directories Accessible to External Parties