Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <4fa73da8-a1b9-70c0-c7cb-019994df39a3@apache.org>
Date: Wed, 21 Aug 2024 02:42:21 +0000
From: Jun Gao <gaojun2048@...che.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2023-49198: Apache SeaTunnel Web: Arbitrary file read
 vulnerability 

Severity: important

Affected versions:

- Apache SeaTunnel Web 1.0.0

Description:

Mysql security vulnerability in Apache SeaTunnel.

Attackers can read files on the MySQL server by modifying the information in the MySQL URL

 allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360
This issue affects Apache SeaTunnel: 1.0.0.

Users are recommended to upgrade to version [1.0.1], which fixes the issue.

Credit:

jiahua huang (reporter)

References:

https://lists.apache.org/thread/nprwwhh2t9r91lg6kxcgqz2xzq34ojbs
https://seatunnel.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-49198

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.