CVE-2022-30331 – pytigergraph
Package
Manager: pip
Name: pytigergraph
Vulnerable Version: =0.0.0.5 || =0.0.2 || =0.0.3 || =0.0.4 || =0.0.4.5 || =0.0.4.6 || =0.0.4.7 || =0.0.4.7.1 || =0.0.4.7.2 || =0.0.4.7.3 || =0.0.4.7.4 || =0.0.4.7.5 || =0.0.4.7.6 || =0.0.5 || =0.0.5.1 || =0.0.5.2 || =0.0.5.3 || =0.0.5.4 || =0.0.5.5 || =0.0.5.6 || =0.0.5.7 || =0.0.5.8 || =0.0.6.0 || =0.0.6.1 || =0.0.6.2 || =0.0.6.3 || =0.0.6.4 || =0.0.6.5 || =0.0.6.6 || =0.0.6.7 || =0.0.6.8 || =0.0.6.9 || =0.0.7 || =0.0.8 || =0.0.8.1 || =0.0.8.2 || =0.0.8.4 || =0.0.8.5 || =0.0.9 || =0.0.9.1 || =0.0.9.2 || =0.0.9.3 || =0.0.9.4 || =0.0.9.5 || =0.0.9.6.2 || =0.0.9.6.3 || =0.0.9.6.4 || =0.0.9.6.5 || =0.0.9.6.6 || =0.0.9.6.7 || =0.0.9.6.8 || =0.0.9.6.9 || =0.0.9.7.1 || =0.0.9.7.2 || =0.0.9.7.3 || =0.0.9.7.4 || =0.0.9.7.5 || =0.0.9.7.6 || =0.0.9.7.7 || =0.0.9.7.8 || =0.0.9.7.9 || =0.0.9.8.0 || =0.0.9.8.1 || =0.0.9.8.2 || =0.0.9.8.3 || =0.0.9.8.4 || =0.0.9.8.5 || =0.0.9.8.6 || =0.0.9.8.7 || =0.0.9.8.8 || =0.0.9.8.9 || =0.0.9.9.0 || =0.0.9.9.1 || =0.0.9.9.2 || =0.9 || =0.9.1 || =0.9.2 || =1.0 || =1.0.1 || =1.0.2 || =1.1 || =1.2 || =1.2.1 || =1.2.2 || =1.2.3 || =1.2.4 || =1.2.5 || =1.2.6 || =1.3 || =1.3.1 || =1.3.2 || =1.3.3 || =1.3.4 || =1.4 || =1.4.1 || =1.4.2 || =1.5
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00382 pctl0.58793
Details
The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows a query written in the GSQL query language to be installed without proper validation. Consequently, an attacker who already holds privileges sufficient to install queries (the vectors above score this as PR:L, i.e. an authenticated low-privilege user) can execute arbitrary C++ code within TigerGraph. NOTE: the vendor's position is "GSQL was behaving as expected." This record lists the pip package pytigergraph, the Python client for TigerGraph, as the affected package, while the description itself concerns the TigerGraph server release; confirm which component is actually exposed in your deployment before acting on the version list above.
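The "Vulnerable Version" field above is a long exact-match expression, and the practical question for a practitioner is whether the pytigergraph release installed in a given environment falls inside it. The following is an added example, not code from this advisory or from the pytigergraph project. It assumes the constraint grammar visible on the page (clauses joined by `||`, each clause a comparator on a dotted numeric version) and generalises it slightly to also accept `<`, `<=`, `>`, `>=` and whitespace-separated conjunctions, which is an assumption rather than something the page states. The embedded `SPEC` is a constructed subset of the advisory's list, sufficient to exercise the parser; paste the full field for a real audit.

```python
"""Check an installed pytigergraph release against an advisory version spec.

Added example, not part of the advisory or of pytigergraph. Assumed grammar:
clauses joined by '||'; each clause is a whitespace-separated conjunction of
comparators (=, <, <=, >, >=) applied to dotted numeric versions.
"""
import re
from importlib import metadata

# Constructed subset of the advisory's "=x || =y ..." list; replace with the
# full "Vulnerable Version" field from the advisory for a real audit.
SPEC = "=0.0.0.5 || =0.0.2 || =0.0.9.6.2 || =0.9 || =1.0 || =1.4.2 || =1.5"

COMPARATOR_RE = re.compile(r"^(<=|>=|<|>|=)?(\d+(?:\.\d+)*)$")


def parse_version(text: str) -> tuple:
    """'0.0.9.6.2' -> (0, 0, 9, 6, 2). Only dotted integers are accepted;
    pre-release or local suffixes raise ValueError (handled in audit())."""
    text = text.strip()
    if not re.fullmatch(r"\d+(?:\.\d+)*", text):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(part) for part in text.split("."))


def compare(a: tuple, b: tuple) -> int:
    """Three-way compare (-1, 0, 1). Shorter tuples are zero-padded so that
    1.0 == 1.0.0, which matches PEP 440 release-segment semantics."""
    width = max(len(a), len(b))
    a = a + (0,) * (width - len(a))
    b = b + (0,) * (width - len(b))
    return (a > b) - (a < b)


def _holds(version: tuple, comparator: str) -> bool:
    """Evaluate one comparator such as '=1.5' or '>=1.0' against `version`."""
    m = COMPARATOR_RE.match(comparator)
    if not m:
        raise ValueError(f"bad comparator: {comparator!r}")
    op = m.group(1) or "="          # a bare version means exact match
    c = compare(version, parse_version(m.group(2)))
    return {"=": c == 0, "<": c < 0, "<=": c <= 0, ">": c > 0, ">=": c >= 0}[op]


def matches(version: str, spec: str) -> bool:
    """True if `version` satisfies at least one '||' clause of `spec`."""
    v = parse_version(version)
    for clause in spec.split("||"):
        comparators = clause.split()
        if comparators and all(_holds(v, c) for c in comparators):
            return True
    return False


def installed_version(dist: str = "pytigergraph"):
    """Installed version of distribution `dist`, or None when not present."""
    try:
        return metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None


def audit(dist: str = "pytigergraph", spec: str = SPEC):
    """Return (installed_version, verdict) where verdict is True (vulnerable),
    False (not in the spec), or None (version string outside the assumed
    grammar, e.g. a pre-release; review manually rather than assume safe).
    (None, False) is returned when the distribution is not installed."""
    version = installed_version(dist)
    if version is None:
        return None, False
    try:
        return version, matches(version, spec)
    except ValueError:
        return version, None


if __name__ == "__main__":
    print(audit())
```

The zero-padding in `compare` matters for this advisory because the list mixes depths such as `=1.0` and `=0.0.9.6.2`; without it a locally pinned `1.0.0` would be reported as not affected. An unparsable version deliberately yields `None` rather than `False`, so a pre-release build is surfaced for review instead of being silently passed.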
Metadata
Created: 2022-09-05T16:15:00Z
Modified: 2023-11-08T04:09:17.692360Z
Source: https://osv-vulnerabilities
CWE IDs: N/A
Alternative ID: N/A
Finding: F184
Auto approve: 1