70 matches found
Path traversal
In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages...
CVE-2018-14672
In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages...
UBUNTU-CVE-2018-14672
In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages...
CVE-2018-14672
In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages...
PT-2019-9043 · Yandex · Clickhouse
Name of the Vulnerable Software and Affected Versions: ClickHouse versions prior to 18.12.13 Description: The issue allows path traversal and reading of arbitrary files through error messages in functions for loading CatBoost models. Recommendations: For versions prior to 18.12.13, update to...
ai.catboost:catboost-spark_2.3_2.11 (>=0.25 <=1.2.7), ai.h2o:sparkling-water-examples_2.11 (>=2.3.0 <=2.3.6) +165 more potentially affected by CVE-2018-1334 via org.apache.spark:spark-core_2.11 (=2.3.0)
org.apache.spark:spark-core2.11 MAVEN version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.spark:spark-core2.11 and may be impacted: - ai.catboost:catboost-spark2.32.11 =0.25, =2.3.0, =2.3.0, =0.0.3, =1.0, =0.1.0, =1.0, =0.4.0,...
ae.teletronics.nlp:entityextraction (=1.3), ae.teletronics.nlp:w2vec (=1.0) +1038 more potentially affected by CVE-2018-11770 via org.apache.spark:spark-core_2.11 (>=1.2.0 <=2.3.2)
org.apache.spark:spark-core2.11 MAVEN version =1.2.0, =0.25, =0.42.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.3 and more Source cves: CVE-2018-11770 Source advisory: OSV:GHSA-W4R4-65MG-45X2...
Fixed in ClickHouse Release 18.12.13, 2018-09-10
Functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages...
Fixed in ClickHouse Release 18.12.13, 2018-09-10
Functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages...
CVE-2018-14672
Functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages. Andrey Krasichkov of Yandex Information Security Team...