Lucene search
+L

246 matches found

vulnersOsv
vulnersOsv
added 2026/05/15 6:30 p.m.7 views

org.apache.flink:flink-examples-table_2.12 (>=2.0.0 <=2.0.1) potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-planner_2.12 (>=2.0.0 <=2.0.1)

org.apache.flink:flink-table-planner2.12 MAVEN version =2.0.0, =2.0.0, =2.0.1 Source cves: CVE-2026-35194 Source advisory: OSV:GHSA-2F54-V4HM-FX73...

8.1CVSS5.4AI score0.00381EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/15 6:30 p.m.8 views

com.datasqrl.flinkrunner:stdlib-json (>=0.9.0 <=0.10.1), com.datasqrl:sqrl-discovery (>=0.9.0 <=0.10.4) +17 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-runtime (=2.2.0)

org.apache.flink:flink-table-runtime MAVEN version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.flink:flink-table-runtime and may be impacted: - com.datasqrl.flinkrunner:stdlib-json =0.9.0, =0.9.0, =0.9.0, =0.9.0, =2.2.0-EXNESS-0.1...

8.1CVSS5.4AI score0.00381EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/15 6:30 p.m.6 views

cn.ibizlab.plugin:ibiz-dataflow-flink (>=8.1.0.371 <=8.1.0.567.22), cn.sliew:flinkful-cli-descriptor-examples (>=1.0.2 <=1.0.7) +184 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-runtime (>=1.15.0 <=1.20.3)

org.apache.flink:flink-table-runtime MAVEN version =1.15.0, =8.1.0.371, =1.0.2, =1.0.3, =1.0.0, =1.0.2, =0.5.0, =0.5.0, =1.4.0, =1.4.0, =1.4.0, =1.0, =1.0.1 and more Source cves: CVE-2026-35194 Source advisory: OSV:GHSA-2F54-V4HM-FX73...

8.1CVSS5.4AI score0.00381EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/15 6:30 p.m.7 views

org.apache.flink:flink-examples-table_2.12 (>=2.0.0 <=2.0.1) potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-planner_2.12 (>=2.0.0 <=2.0.1)

org.apache.flink:flink-table-planner2.12 MAVEN version =2.0.0, =2.0.0, =2.0.1 Source cves: CVE-2026-35194 Source advisory: SNYK:JAVA-ORGAPACHEFLINK-16799799...

8.1CVSS5.4AI score0.00381EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/15 6:30 p.m.12 views

cn.ibizlab.plugin:ibiz-dataflow-flink (>=8.1.0.371 <=8.1.0.567.22), cn.sliew:flinkful-cli-descriptor-examples (>=1.0.2 <=1.0.7) +348 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-api-java (>=1.15.0 <=1.20.3)

org.apache.flink:flink-table-api-java MAVEN version =1.15.0, =8.1.0.371, =1.0.2, =1.0.2, =1.0.2, =1.0.2, =1.0.2, =1.0.3, =1.0.0, =1.0.2, =1.0.2, =0.5.0, =0.5.0, =1.4.0, =1.5.6.2 and more Source cves: CVE-2026-35194 Source advisory: OSV:GHSA-2F54-V4HM-FX73...

8.1CVSS5.4AI score0.00381EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/15 6:30 p.m.7 views

com.couchbase.client.flink-connector-couchbase_2.12:flink-connector-couchbase_2.12 (=0.5.0), com.datasqrl.flinkrunner:kafka-safe-connector (>=0.9.0-alpha1 <=0.9.0-alpha2) +29 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-api-java (>=2.1.0 <=2.1.1)

org.apache.flink:flink-table-api-java MAVEN version =2.1.0, =0.9.0-alpha1, =0.9.0-alpha1, =0.9.0-alpha1, =0.9.0-alpha1, =0.9.0-alpha1, =26.0.0, =0.2.0, =2.1.0, =2.1.0, =2.1.1 and more Source cves: CVE-2026-35194 Source advisory:...

8.1CVSS5.4AI score0.00381EPSS
Exploits0
OSV
OSV
added 2026/05/15 6:30 p.m.104 views

GHSA-2F54-V4HM-FX73 Apache Flink: Remote code execution via SQL injection in code generation

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

8.1CVSS6.3AI score0.00381EPSS
Exploits0References6
Snyk
Snyk
added 2026/05/15 6:30 p.m.18 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the SQL code generation process. An attacker can execute arbitrary code on TaskManagers by submitting specially crafted SQL queries that exploit improper escaping of user-controlled strings in generated Java...

8.6CVSS6.3AI score0.00381EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/15 6:30 p.m.13 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the SQL code generation process. An attacker can execute arbitrary code on TaskManagers by submitting specially crafted SQL queries that exploit improper escaping of user-controlled strings in generated Java...

8.6CVSS6.3AI score0.00381EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/15 6:30 p.m.17 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the SQL code generation process. An attacker can execute arbitrary code on TaskManagers by submitting specially crafted SQL queries that exploit improper escaping of user-controlled strings in generated Java...

8.6CVSS6.3AI score0.00381EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/15 6:30 p.m.13 views

Apache Flink: Remote code execution via SQL injection in code generation

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

8.1CVSS6.3AI score0.00381EPSS
Exploits0References6Affected Software3
NVD
NVD
added 2026/05/15 4:16 p.m.42 views

CVE-2026-35194

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

8.1CVSS0.00381EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/15 3:27 p.m.13 views

EUVD-2026-30550

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

8.1CVSS6.3AI score0.00381EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/15 3:27 p.m.8 views

CVE-2026-35194 Apache Flink: Remote code execution via SQL injection in code generation

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

6.3AI score0.00381EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 3:27 p.m.7 views

CVE-2026-35194

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

6.3AI score0.00381EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/15 3:27 p.m.87 views

CVE-2026-35194

CVE-2026-35194 affects Apache Flink: code injection in SQL code generation allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via malicious SQL queries. Affected are Flink versions 1.15.0–1.20.x and 2.0.0–2.x, with JSON functions (1.15.0+) and LI...

8.1CVSS6.3AI score0.00381EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/15 3:27 p.m.60 views

CVE-2026-35194 Apache Flink: Remote code execution via SQL injection in code generation

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

0.00381EPSS
Exploits0References1
OSV
OSV
added 2026/05/15 3:27 p.m.11 views

CVE-2026-35194 Apache Flink: Remote code execution via SQL injection in code generation

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

8.1CVSS6.4AI score0.00381EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.10 views

PT-2026-41310

Name of the Vulnerable Software and Affected Versions Apache Flink versions 1.15.0 through 1.20.x Apache Flink versions 2.0.0 through 2.x Description Code injection in SQL code generation allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers using...

8.1CVSS6.3AI score0.00381EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

Apache Flink 代码注入漏洞

Apache Flink is an open-source distributed stream processing engine developed by the Apache Foundation in the United States. The product is primarily written in Java and Scala languages. Versions of Apache Flink from 1.15.0 to 1.20.x, as well as from 2.0.0 to 2.x, contain a code injection...

8.1CVSS6.3AI score0.00381EPSS
Exploits0References1
Rows per page
Query Builder