7 matches found
CVE-2023-36830
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...
alvin-cli (>=0.0.1a0 <=1.2.0rc18), cumulus-library (>=0.1.2 <=1.4.0) +15 more potentially affected by CVE-2023-36830 via sqlfluff (>=0.11.2 <=2.1.1)
sqlfluff PYPI version =0.11.2, =0.0.1a0, =0.1.2, =0.1.2, =0.19.1a7, =0.9.3, =0.1.0, =0.1.0, =0.1.5, =0.1.0, =0.3.0a0, =0.13.2.6, =1.0.2, =0.8.0, =0.0.0, =1.2.1, =2.1.1 and more Source cves: CVE-2023-36830 Source advisory: OSV:GHSA-JQHC-M2J3-FJRX...
CVE-2023-36830
creationtimestamp| type| source ---|---|--- 2023-07-06 20:20:31+00:00| seen| https://t.me/cibsecurity/66142...
CVE-2023-36830
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...
alvin-cli (>=0.0.1a0 <=1.2.0rc18), cumulus-library (>=0.1.2 <=1.4.0) +15 more potentially affected by CVE-2023-36830 via sqlfluff (>=0.11.2 <=2.1.1)
sqlfluff PYPI version =0.11.2, =0.0.1a0, =0.1.2, =0.1.2, =0.19.1a7, =0.9.3, =0.1.0, =0.1.0, =0.1.5, =0.1.0, =0.3.0a0, =0.13.2.6, =1.0.2, =0.8.0, =0.0.0, =1.2.1, =2.1.1 and more Source cves: CVE-2023-36830 Source advisory: OSV:PYSEC-2023-111...
CVE-2023-36830
CVE-2023-36830 affects SQLFluff prior to v2.1.2 where an attacker with access to config files could abuse the library_path setting to execute arbitrary Python code via Jinja/macros. The issue arises when untrusted users can view or modify config and leverage library_path to reach Python execution...
CVE-2023-36830
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...