Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2025/02/14 11:20 a.m.11 views

CVE-2024-27438

Download of Code Without Integrity Check vulnerability in Apache Doris. The jdbc driver files used for JDBC catalog is not checked and may resulting in remote command execution. Once the attacker is authorized to create a JDBC catalog, he/she can use arbitrary driver jar file with unchecked code...

9.8CVSS7.6AI score0.00962EPSS
Exploits0References1
NVD
NVD
added 2024/03/21 10:15 a.m.14 views

CVE-2024-27438

Download of Code Without Integrity Check vulnerability in Apache Doris. The jdbc driver files used for JDBC catalog is not checked and may resulting in remote command execution. Once the attacker is authorized to create a JDBC catalog, he/she can use arbitrary driver jar file with unchecked code...

9.8CVSS7.2AI score0.00962EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/03/21 9:39 a.m.30 views

CVE-2024-27438 Apache Doris: Downloading arbitrary remote jar files resulting in remote command execution

Download of Code Without Integrity Check vulnerability in Apache Doris. The jdbc driver files used for JDBC catalog is not checked and may resulting in remote command execution. Once the attacker is authorized to create a JDBC catalog, he/she can use arbitrary driver jar file with unchecked code...

7.5AI score0.00962EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/21 9:39 a.m.25 views

CVE-2024-27438 Apache Doris: Downloading arbitrary remote jar files resulting in remote command execution

Download of Code Without Integrity Check vulnerability in Apache Doris. The jdbc driver files used for JDBC catalog is not checked and may resulting in remote command execution. Once the attacker is authorized to create a JDBC catalog, he/she can use arbitrary driver jar file with unchecked code...

9.9AI score0.00962EPSS
Exploits0References2
CVE
CVE
added 2024/03/21 9:39 a.m.88 views

CVE-2024-27438

CVE-2024-27438 affects Apache Doris. The vulnerability arises from downloading and loading arbitrary JDBC driver jars used by the JDBC catalog, enabling remote command execution when a catalog is initialized with unchecked code snippets. Affected versions are Doris 1.2.0 through 2.0.4; upgrade to...

9.8CVSS9.9AI score0.00962EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder