108 matches found
Code Injection
Apache Flink is vulnerable to Code Injection. The vulnerability is due to improper escaping of user-controlled strings during SQL code generation, which allows an authenticated attacker to inject arbitrary Java code and execute it on TaskManagers through specially crafted SQL queries...
BIT-FLINK-2026-35194 Apache Flink: Remote code execution via SQL injection in code generation
Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...
com.datasqrl.flinkrunner:stdlib-json (>=0.9.0-alpha1 <=0.9.0-alpha2), com.datasqrl:sqrl-discovery (>=0.9.0-alpha1 <=0.9.0-alpha2) +14 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-runtime (>=2.1.0 <=2.1.1)
org.apache.flink:flink-table-runtime MAVEN version =2.1.0, =0.9.0-alpha1, =0.9.0-alpha1, =0.9.0-alpha1, =0.9.0-alpha1, =26.0.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.1 and more Source cves: CVE-2026-35194 Source advisory: SNYK:JAVA-ORGAPACHEFLINK-16799797...
GHSA-2F54-V4HM-FX73 Apache Flink: Remote code execution via SQL injection in code generation
Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...
Apache Flink: Remote code execution via SQL injection in code generation
Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...
CVE-2026-35194
Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...
CVE-2026-35194
CVE-2026-35194 affects Apache Flink: code injection in SQL code generation allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via malicious SQL queries. Affected are Flink versions 1.15.0–1.20.x and 2.0.0–2.x, with JSON functions (1.15.0+) and LI...
CVE-2026-35194
Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...
EUVD-2026-30550
Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...
CVE-2026-35194 Apache Flink: Remote code execution via SQL injection in code generation
Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...
CVE-2026-35194 Apache Flink: Remote code execution via SQL injection in code generation
Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...
Security Bulletin: IBM Event Processing is affected by multiple Vulnerabilities in IBM Operator for Apache Flink
Summary IBM Event Processing is affected by multiple Vulnerabilities in IBM Operator for Apache Flink 1.4.5 Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers...
SQL Injection
Apache Flink CDC is vulnerable to SQL Injection. The vulnerability is due to improper validation of user-supplied identifiers, such as crafted database or table names, which allows an attacker to inject malicious SQL and manipulate queries within the application...
EUVD-2025-33342
Apache Flink CDC is vulnerable to SQL Injection through maliciously crafted identifiers...
CVE-2025-62228
Apache Flink CDC version 3.4.0 was vulnerable to a SQL injection via maliciously crafted identifiers eg. crafted database name or crafted table name. Even through only the logged-in database user can trigger the attack, we recommend users update Flink CDC version to 3.5.0 which address this issue...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the quote function that fails to properly escape special characters. An attacker can execute arbitrary SQL commands by supplying specially crafted input values for database name or table names. Remediation Upgrade...
CVE-2025-62228
CVE-2025-62228 affects Apache Flink CDC: version 3.4.0 is vulnerable to SQL injection via maliciously crafted identifiers (e.g., database or table names). The issue can be triggered by a logged-in database user, with remediation to upgrade to 3.5.0 (or apply fixes per advisories). Connected docum...
Apache Flink CDC SQL注入漏洞
Apache Flink CDC is a real-time data capture framework from the Apache Foundation. An SQL injection vulnerability exists in Apache Flink CDC version 3.4.0, which stems from improper handling of specially crafted identifiers such as database names or table names, which could lead to SQL injection...
EUVD-2021-0970
Malware in sbrugna...
EUVD-2023-46326
Malicious code in bioql PyPI...