5 matches found
CVE-2024-27438
Download of Code Without Integrity Check vulnerability in Apache Doris. The jdbc driver files used for JDBC catalog is not checked and may resulting in remote command execution. Once the attacker is authorized to create a JDBC catalog, he/she can use arbitrary driver jar file with unchecked code...
CVE-2024-27438
Download of Code Without Integrity Check vulnerability in Apache Doris. The jdbc driver files used for JDBC catalog is not checked and may resulting in remote command execution. Once the attacker is authorized to create a JDBC catalog, he/she can use arbitrary driver jar file with unchecked code...
CVE-2024-27438 Apache Doris: Downloading arbitrary remote jar files resulting in remote command execution
Download of Code Without Integrity Check vulnerability in Apache Doris. The jdbc driver files used for JDBC catalog is not checked and may resulting in remote command execution. Once the attacker is authorized to create a JDBC catalog, he/she can use arbitrary driver jar file with unchecked code...
CVE-2024-27438 Apache Doris: Downloading arbitrary remote jar files resulting in remote command execution
Download of Code Without Integrity Check vulnerability in Apache Doris. The jdbc driver files used for JDBC catalog is not checked and may resulting in remote command execution. Once the attacker is authorized to create a JDBC catalog, he/she can use arbitrary driver jar file with unchecked code...
CVE-2024-27438
CVE-2024-27438 affects Apache Doris. The vulnerability arises from downloading and loading arbitrary JDBC driver jars used by the JDBC catalog, enabling remote command execution when a catalog is initialized with unchecked code snippets. Affected versions are Doris 1.2.0 through 2.0.4; upgrade to...