Arbitrary Code Execution

avatica-core is vulnerable to arbitrary code execution. The vulnerability exists due to the getInstance function of AvaticaHttpClientFactoryImpl.java does not properly verify the HTTP client classes before being instantiating, allowing an attacker to inject and execute malicious code through the...

cn.guruguru:datalink (>=0.0.1 <=0.0.2), cn.tenmg:flink-connector-mysql-cdc-log (=1.0.0) +822 more potentially affected by CVE-2022-36364 via org.apache.calcite.avatica:avatica-core (>=1.10.0 <=1.21.0)

org.apache.calcite.avatica:avatica-core MAVEN version =1.10.0, =0.0.1, =0.0.2, =1.1.2, =1.1.2, =1.3.0, =1.3.0, =1.3.1, =1.4.0, =1.3.0, =1.3.0, =1.3.1, =1.6.2 and more Source cves: CVE-2022-36364 Source advisory: OSV:GHSA-W7F5-JRPR-5C2M...