CVE-2023-49198 org.apache.seatunnel:seatunnel

Package

Manager: maven
Name: org.apache.seatunnel:seatunnel
Vulnerable Version: =1.0.0 || >=1.0.0 <1.0.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00317 (percentile: 0.54198)

Details

Apache SeaTunnel SQL Injection vulnerability

MySQL security vulnerability in Apache SeaTunnel. Attackers can read files on the MySQL server by modifying the information in the MySQL URL:

allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360

This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version 1.0.1, which fixes the issue.
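A check that rejects user-supplied JDBC URLs carrying the local-infile options named above, written as an added example; it is not code from the advisory or from Apache SeaTunnel. The function names, the sample URLs and their host names are constructed for illustration, and option names are matched case-insensitively as a conservative assumption.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Connector/J options named in the advisory that enable local-file loading.
BLOCKED = ("allowLoadLocalInfile", "allowUrlInLocalInfile", "allowLoadLocalInfileInPath")
BLOCKED_LC = {name.lower(): name for name in BLOCKED}
# Longest name first so "...InfileInPath" is not reported as "...Infile".
ANYWHERE = re.compile("|".join(sorted(BLOCKED, key=len, reverse=True)), re.IGNORECASE)


def blocked_params(jdbc_url: str) -> dict:
    """Return {canonical option name: value} for every blocked option found."""
    # Decode until stable so percent-encoding (single or double) cannot hide a key.
    decoded = jdbc_url
    for _ in range(5):
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    found = {}
    query = urlsplit(decoded.removeprefix("jdbc:")).query
    for key, value in parse_qsl(query, keep_blank_values=True):
        canonical = BLOCKED_LC.get(key.strip().lower())
        if canonical:
            found[canonical] = value
    # Fallback: the option name appears somewhere other than the query string.
    for match in ANYWHERE.finditer(decoded):
        found.setdefault(BLOCKED_LC[match.group().lower()], "<outside query string>")
    return found


def assert_safe(jdbc_url: str) -> str:
    """Raise ValueError if the URL carries any blocked option, else return it."""
    hits = blocked_params(jdbc_url)
    if hits:
        raise ValueError(f"blocked JDBC options: {sorted(hits)}")
    return jdbc_url


# Constructed sample URLs (host and database names are placeholders).
SAMPLES = [
    "jdbc:mysql://db.example.internal:3306/app?useSSL=true",
    "jdbc:mysql://db.example.internal:3306/app?allowLoadLocalInfile=true"
    "&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360",
    "jdbc:mysql://db.example.internal:3306/app?%61llowloadlocalinfile=true",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", blocked_params(url) or "ok")
```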

Metadata

Created: 2024-08-21T12:30:25Z
Modified: 2024-08-21T20:10:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-8m84-h9hh-3cfh/GHSA-8m84-h9hh-3cfh.json
CWE IDs: ["CWE-552"]
Alternative ID: GHSA-8m84-h9hh-3cfh
Finding: F123
Auto approve: 1