7 matches found
CVE-2026-41041
URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 before 1.2.1. Users are recommended to upgrade to version 1.2.1, which fixes the issue...
CVE-2026-41041
CVE-2026-41041 affects Apache Gravitino (1.0.0 to before 1.2.1). The issue is a URL path injection due to unencoded user-supplied identifiers in the MCP REST client f-string URL construction, enabling path traversal to unintended API endpoints. Impact per sources: potential confidentiality and in...
CVE-2026-41041 Apache Gravitino: URL path injection via unencoded user-supplied identifiers in MCP REST client f-string URL construction, enabling path traversal to unintended API endpoints.
URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 before 1.2.1. Users are recommended to upgrade to version 1.2.1, which fixes the issue...
CVE-2026-49876 Apache Gravitino: Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs
Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 through 1.2.1. Users are recommended to upgrade to...
PT-2026-57679
URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 before 1.2.1. Users are recommended to upgrade to version 1.2.1, which fixes the issue...
CVE-2025-53648
CVE-2025-53648 affects Gravitino UI prior to 1.0.0, where a SQL misconfiguration can allow a malicious user to read or truncate files. The vulnerability is triggered by improper SQL handling in the Gravitino UI, impacting versions 1.0.0 and earlier. Upgrading to version 1.0.0 (as recommended) fix...
apache-gravitino (>=1.2.0 <=1.3.0rc2), cloudquery-plugin-sdk (=0.1.52) +15 more potentially affected by CVE-2026-32274 via black (>=26.1.0 <=26.3.0)
black PYPI version =26.1.0, =1.2.0, =0.4.0, =0.2.2, =2.189.0, =0.12.0, =0.7.4, =0.8.0, =0.1.8, =2.54.8, =0.17.1, =1.2.1, =0.1.17, =0.1.18 and more Source cves: CVE-2026-32274 Source advisory: SNYK:PYTHON-BLACK-15518063...