CVE-2018-14672
CVE-2018-14672 affects ClickHouse prior to 18.12.13. The issue is in functions for loading CatBoost models, allowing path traversal and reading arbitrary files via error messages. Affected versions are prior to 18.12.13; the root cause is improper handling in those loading functions. Red Hat, Ubu...