Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 7:43 a.m.7 views

CVE-2024-41672

DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in filesystem is accessible for reading using sniffcsv, even with enableexternalaccess=false. This vulnerability provides an attacker with access to filesystem even when access is expected to be disabled and other...

7.5CVSS7AI score0.00813EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2025/01/21 9:7 p.m.4 views

aau-gomapedge-etl (=0.4.1), altimate-dataminion (>=0.0.11 <=0.0.20) +45 more potentially affected by CVE-2024-41672 via duckdb (=1.0.0)

duckdb PYPI version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on duckdb and may be impacted: - aau-gomapedge-etl =0.4.1 - altimate-dataminion =0.0.11, =0.3.0.2, =0.14.0, =2.2.1, =0.2.2, =0.10.23, =0.10.0, =0.1.3, =1.0.1, =0.3.0, =0.7.3 and mo...

7.5CVSS5.8AI score0.00813EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/12/11 12:0 a.m.15 views

DuckDB < 1.1.0 Unauthorized Filesystem Read (CVE-2024-41672)

The version of DuckDB installed on the remote host is affected by a vulnerability as referenced in the CVE-2024-41672 advisory. - In versions 1.0.0 and prior, content in filesystem is accessible for reading using 'sniffcsv', even with 'enableexternalaccess=false'. This vulnerability provides an...

7.5CVSS5.6AI score0.00813EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/07/24 5:47 p.m.20 views

CVE-2024-41672 DuckDB: sniff_csv provides filesystem access even when enable_external_access is disabled

DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in filesystem is accessible for reading using sniffcsv, even with enableexternalaccess=false. This vulnerability provides an attacker with access to filesystem even when access is expected to be disabled and other...

7.5CVSS0.00813EPSS
Exploits1References3
Circl
Circl
added 2024/07/24 6:55 a.m.9 views

CVE-2024-41672

creationtimestamp| type| source ---|---|--- 2024-07-24 06:55:16+00:00| published-proof-of-concept| https://github.com/duckdb/duckdb/security/advisories/GHSA-w2gf-jxc9-pf2q 2024-07-24 20:49:55+00:00| seen| https://t.me/cvedetector/1583...

7.5CVSS5.7AI score0.00813EPSS
Exploits1References2
Rows per page
Query Builder