CVE-2025-1520 PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability

PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

HTTP Request Smuggling

github.com/clickhouse/ch-go is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper parsing or handling of HTTP requests. Specifically, the vulnerability arises from the way large, uncompressed malicious external data is processed, allowing an attacker to smuggle an addition...

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling when processing queries. An attacker can smuggle another query packet into the connection stream by using a large, uncompressed malicious external data. Note: This is only exploitable if the attacker controls the...

ClickHouse 环境问题漏洞

ClickHouse is a ClickHouse open source one of the fastest and most resource efficient open source databases for real-time applications and analytics. A security vulnerability exists in ClickHouse that originates when a query contains large uncompressed malicious external data, which allows an...

CVE-2025-1385

When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the ClickHouse table engine functionality that permits...

CVE-2025-1385

When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the ClickHouse table engine functionality that permits...

CVE-2025-1385

When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the ClickHouse table engine functionality that permits...

CVE-2025-1385 Fail input validation in clickhouse-library-bridge API could lead to RCE under specific configuration

When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the ClickHouse table engine functionality that permits...

CVE-2025-1385 Fail input validation in clickhouse-library-bridge API could lead to RCE under specific configuration

When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the ClickHouse table engine functionality that permits...

CVE-2025-1385

The CVE-2025-1385 vulnerability affects ClickHouse when the library_bridge feature is enabled and exposes an HTTP API on localhost (default port 9019). This configuration allows the ClickHouse server to dynamically load a library from a path and execute it in an isolated process, which, combined ...

CVE-2025-1385

When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the ClickHouse table engine functionality that permits...

ClickHouse 安全漏洞

ClickHouse is a ClickHouse open source one of the fastest and most resource efficient open source databases for real-time applications and analytics. A security vulnerability exists in ClickHouse that stems from an HTTP API exposure that could lead to arbitrary code execution...

Linux Distros Unpatched Vulnerability : CVE-2024-22412

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ClickHouse is an open-source column-oriented database management system. A bug exists in the cloud ClickHouse offering prior to version 24.0.2.54535 and in...

Linux Distros Unpatched Vulnerability : CVE-2022-44011

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user with the ability to load data could cause a heap buffer overflow and crash the...

Linux Distros Unpatched Vulnerability : CVE-2024-41436

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl. CVE-2024-41436 Note that Nessus relies ...

Linux Distros Unpatched Vulnerability : CVE-2022-44010

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint usually listening on port 8123 by...

PT-2025-7940 · Posthog · Posthog

Name of the Vulnerable Software and Affected Versions: PostHog affected versions not specified Description: The issue concerns a SQL injection vulnerability in PostHog's ClickHouse table functions, potentially leading to remote code execution. Recommendations: At the moment, there is no informati...

ClickHouse < 19.14.3

The version of ClickHouse installed on the remote host is prior to 19.14.3. It is, therefore, affected by a arbitrary file write vulnerability. In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the...

ClickHouse < 19.13.5.44

The version of ClickHouse installed on the remote host is prior to 19.13.5.44. It is, therefore, affected by a HTTP header injection vulnerability via the url table function. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

ClickHouse < 21.10.2.15 Multiple Vulnerabilities

The version of ClickHouse installed on the remote host is prior to 21.10.2.15. It is, therefore, affected by multiple vulnerabilities. - Heap out-of-bounds read vulnerability in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl loop, a 16-bit...