Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:3 a.m.11 views

CVE-2023-36830

SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...

7.8CVSS7.5AI score0.00414EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2023/07/06 9:5 p.m.8 views

alvin-cli (>=0.0.1a0 <=1.2.0rc18), cumulus-library (>=0.1.2 <=1.4.0) +15 more potentially affected by CVE-2023-36830 via sqlfluff (>=0.11.2 <=2.1.1)

sqlfluff PYPI version =0.11.2, =0.0.1a0, =0.1.2, =0.1.2, =0.19.1a7, =0.9.3, =0.1.0, =0.1.0, =0.1.5, =0.1.0, =0.3.0a0, =0.13.2.6, =1.0.2, =0.8.0, =0.0.0, =1.2.1, =2.1.1 and more Source cves: CVE-2023-36830 Source advisory: OSV:GHSA-JQHC-M2J3-FJRX...

7.8CVSS7AI score0.00414EPSS
Exploits1
Circl
Circl
added 2023/07/06 8:20 p.m.11 views

CVE-2023-36830

creationtimestamp| type| source ---|---|--- 2023-07-06 20:20:31+00:00| seen| https://t.me/cibsecurity/66142...

7.8CVSS7.4AI score0.00414EPSS
Exploits1References1
NVD
NVD
added 2023/07/06 4:15 p.m.73 views

CVE-2023-36830

SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...

7.8CVSS7.1AI score0.00414EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2023/07/06 4:15 p.m.7 views

alvin-cli (>=0.0.1a0 <=1.2.0rc18), cumulus-library (>=0.1.2 <=1.4.0) +15 more potentially affected by CVE-2023-36830 via sqlfluff (>=0.11.2 <=2.1.1)

sqlfluff PYPI version =0.11.2, =0.0.1a0, =0.1.2, =0.1.2, =0.19.1a7, =0.9.3, =0.1.0, =0.1.0, =0.1.5, =0.1.0, =0.3.0a0, =0.13.2.6, =1.0.2, =0.8.0, =0.0.0, =1.2.1, =2.1.1 and more Source cves: CVE-2023-36830 Source advisory: OSV:PYSEC-2023-111...

7.8CVSS7AI score0.00414EPSS
Exploits1
CVE
CVE
added 2023/07/06 3:3 p.m.50 views

CVE-2023-36830

CVE-2023-36830 affects SQLFluff prior to v2.1.2 where an attacker with access to config files could abuse the library_path setting to execute arbitrary Python code via Jinja/macros. The issue arises when untrusted users can view or modify config and leverage library_path to reach Python execution...

7.8CVSS7AI score0.00414EPSS
Exploits1References2Affected Software1
UbuntuCve
UbuntuCve
added 2023/07/06 12:0 a.m.53 views

CVE-2023-36830

SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...

7.8CVSS7.2AI score0.00414EPSS
Exploits1References3
Rows per page
Query Builder