11 matches found
Code Injection
Apache Flink is vulnerable to Code Injection. The vulnerability is due to improper escaping of user-controlled strings during SQL code generation, which allows an authenticated attacker to inject arbitrary Java code and execute it on TaskManagers through specially crafted SQL queries...
CVE-2026-35194
Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the SQL code generation process. An attacker can execute arbitrary code on TaskManagers by submitting specially crafted SQL queries that exploit improper escaping of user-controlled strings in generated Java...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the SQL code generation process. An attacker can execute arbitrary code on TaskManagers by submitting specially crafted SQL queries that exploit improper escaping of user-controlled strings in generated Java...
GHSA-2F54-V4HM-FX73 Apache Flink: Remote code execution via SQL injection in code generation
Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...
Apache Flink: Remote code execution via SQL injection in code generation
Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...
CVE-2026-35194
Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...
CVE-2026-35194
CVE-2026-35194 affects Apache Flink: code injection in SQL code generation allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via malicious SQL queries. Affected are Flink versions 1.15.0–1.20.x and 2.0.0–2.x, with JSON functions (1.15.0+) and LI...
CVE-2026-35194
Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...
EUVD-2026-30550
Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...
PT-2026-41310
Name of the Vulnerable Software and Affected Versions Apache Flink versions 1.15.0 through 1.20.x Apache Flink versions 2.0.0 through 2.x Description Code injection in SQL code generation allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers using...