186 matches found
Malicious Package
Overview @cloudplatform-single-spa/dataplatform-trino is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
CLEANSTART-2026-RM01950 Security fixes for CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61732, CVE-2025-67721, CVE-2025-68119, CVE-2025-68121, CVE-2026-1225, CVE-2026-1605, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, ghsa-72hv-8253-57qq applied in versions: 479-r0, 480-r1
Multiple security vulnerabilities affect the trino package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-42582 vulnerabilities
Vulnerabilities for packages: spark, opensearch, trino, druid...
GHSA-2C5C-CHWR-9HQW vulnerabilities
Vulnerabilities for packages: spark, opensearch, trino, druid...
CLEANSTART-2026-HQ78610 Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java
Multiple security vulnerabilities affect the trino package. Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. See references for individual vulnerability details...
CLEANSTART-2026-DO09088 Security fixes for CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61732, CVE-2025-67721, CVE-2025-68119, CVE-2025-68121, CVE-2026-1225, CVE-2026-1605, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, ghsa-72hv-8253-57qq applied in versions: 479-r0
Multiple security vulnerabilities affect the trino package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-34214
Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials access key or vended credentials temporary access key are accessible to users that have write privilege on SQL level. This issue has been patch...
EUVD-2026-17459
Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials access key or vended credentials temporary access key are accessible to users that have write privilege on SQL level. This issue has been patch...
CVE-2026-34214
Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials access key or vended credentials temporary access key are accessible to users that have write privilege on SQL level. This issue has been patch...
CVE-2026-34214 Trino: Iceberg REST catalog static and vended credentials are accessible via query JSON
Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials access key or vended credentials temporary access key are accessible to users that have write privilege on SQL level. This issue has been patch...
CVE-2026-34214 Trino: Iceberg REST catalog static and vended credentials are accessible via query JSON
Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials access key or vended credentials temporary access key are accessible to users that have write privilege on SQL level. This issue has been patch...
CVE-2026-34214
Trino’s Iceberg REST catalog vulnerability (CVE-2026-34214) affects versions 439–479, where static or vended credentials used by the Iceberg REST catalog could be accessed by users with SQL write privileges via query JSON. The issue has been patched in version 480. Affected users should upgrade t...
CVE-2026-34214 Trino: Iceberg REST catalog static and vended credentials are accessible via query JSON
Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials access key or vended credentials temporary access key are accessible to users that have write privilege on SQL level. This issue has been patch...
trino 安全漏洞
Trino is a distributed SQL query engine developed by Trino in open source. There were security vulnerabilities in versions 439 to 480 of Trino. These vulnerabilities stemmed from static or temporary credentials in the Iceberg connector’s REST directory, which could be accessed by users with...
GHSA-X27P-5F68-M644 vulnerabilities
Vulnerabilities for packages: trino...
CVE-2026-34214 vulnerabilities
Vulnerabilities for packages: trino...
CVE-2026-34214 vulnerabilities
Vulnerabilities for packages: trino...
GHSA-X27P-5F68-M644 vulnerabilities
Vulnerabilities for packages: trino...
io.github.jordepic:dataharness-trino (>=1.0 <=2.0) potentially affected by CVE-2026-34214 via io.trino:trino-iceberg (=476)
io.trino:trino-iceberg MAVEN version =476 is affected by a known vulnerability. The following packages have a transitive dependency on io.trino:trino-iceberg and may be impacted: - io.github.jordepic:dataharness-trino =1.0, =2.0 Source cves: CVE-2026-34214 Source advisory: OSV:GHSA-X27P-5F68-M644...
Improper Removal of Sensitive Information Before Storage or Transfer
Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via /ui/api/query/«queryid» and /v1/query/«queryid» endpoints. An attacker can obtain sensitive credentials by accessing the serialized query JSON after performing wri...