15 matches found
CVE-2022-36364
Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via `httpclient_impl` connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via arbitrary...
Security Bulletin: Vulnerability in Apache Calcite Avatica affects watsonx.data
Summary: Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via `httpclient_impl` connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via...
IBM Cognos Analytics Multiple Vulnerabilities (6841801)
The version of IBM Cognos Analytics installed on the remote host is 11.1.x prior to 11.1.7 Fix Pack 6 or 11.2.x prior to 11.2.4. It is, therefore, affected by multiple vulnerabilities, including the following: - A flaw in the JDBC driver of Apache Calcite Avatica can allow an unauthenticated,...
Security Bulletin: Potential vulnerability in Apache Calcite Avatica affects IBM Operations Analytics - Log Analysis (CVE-2022-36364)
Summary: Prior to version 1.22.0, a vulnerability in Apache Calcite Avatica allows a remote attacker to execute arbitrary code on the system. This has been fixed. Vulnerability Details: CVEID: CVE-2022-36364 DESCRIPTION: Apache Calcite Avatica could allow a remote attacker to execute arbitrary code on t...
Apache Calcite Code Injection Vulnerability
Apache Calcite is an open source framework from the US Apache Foundation for building databases and data management systems. A code injection vulnerability exists in the Apache Calcite Avatica JDBC driver, which stems from the fact that classes are not verified to implement the expected...
Arbitrary Code Execution
avatica-core is vulnerable to arbitrary code execution. The vulnerability exists because the getInstance function of AvaticaHttpClientFactoryImpl.java does not properly verify the HTTP client classes before instantiating them, allowing an attacker to inject and execute malicious code through the...
GHSA-W7F5-JRPR-5C2M Apache Calcite Avatica JDBC driver arbitrary code execution
Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via `httpclient_impl` connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via arbitrary...
Apache Calcite Avatica JDBC driver arbitrary code execution
Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via `httpclient_impl` connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via arbitrary...
cn.guruguru:datalink (>=0.0.1 <=0.0.2), cn.tenmg:flink-connector-mysql-cdc-log (=1.0.0) +822 more potentially affected by CVE-2022-36364 via org.apache.calcite.avatica:avatica-core (>=1.10.0 <=1.21.0)
org.apache.calcite.avatica:avatica-core MAVEN version =1.10.0, =0.0.1, =0.0.2, =1.1.2, =1.1.2, =1.3.0, =1.3.0, =1.3.1, =1.4.0, =1.3.0, =1.3.0, =1.3.1, =1.6.2 and more Source cves: CVE-2022-36364 Source advisory: OSV:GHSA-W7F5-JRPR-5C2M...
CVE-2022-36364
Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via `httpclient_impl` connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via arbitrary...
CVE-2022-36364
Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via `httpclient_impl` connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via arbitrary...
Code injection
Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via `httpclient_impl` connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via arbitrary...
CVE-2022-36364 Apache Calcite Avatica JDBC driver `httpclient_impl` connection property can be used as an RCE vector
Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via `httpclient_impl` connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via arbitrary...
CVE-2022-36364
Apache Calcite Avatica JDBC driver is affected by CVE-2022-36364 due to insecure dynamic instantiation of `httpclient_impl` classes without validating they implement the expected interface, enabling potential code execution loaded from arbitrary classes. The issue is addressed starting with Avatica...
PT-2022-4408 · Apache · Apache Calcite Avatica Jdbc Driver
Name of the Vulnerable Software and Affected Versions: Apache Calcite Avatica JDBC driver versions prior to 1.22.0. Description: The issue is related to the creation of HTTP client instances based on class names provided via the `httpclient_impl` connection property. The driver does not verify if th...