5 matches found
CVE-2024-41672
DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in filesystem is accessible for reading using sniffcsv, even with enableexternalaccess=false. This vulnerability provides an attacker with access to filesystem even when access is expected to be disabled and other...
aau-gomapedge-etl (=0.4.1), altimate-dataminion (>=0.0.11 <=0.0.20) +45 more potentially affected by CVE-2024-41672 via duckdb (=1.0.0)
duckdb PYPI version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on duckdb and may be impacted: - aau-gomapedge-etl =0.4.1 - altimate-dataminion =0.0.11, =0.3.0.2, =0.14.0, =2.2.1, =0.2.2, =0.10.23, =0.10.0, =0.1.3, =1.0.1, =0.3.0, =0.7.3 and mo...
DuckDB < 1.1.0 Unauthorized Filesystem Read (CVE-2024-41672)
The version of DuckDB installed on the remote host is affected by a vulnerability as referenced in the CVE-2024-41672 advisory. - In versions 1.0.0 and prior, content in filesystem is accessible for reading using 'sniffcsv', even with 'enableexternalaccess=false'. This vulnerability provides an...
CVE-2024-41672 DuckDB: sniff_csv provides filesystem access even when enable_external_access is disabled
DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in filesystem is accessible for reading using sniffcsv, even with enableexternalaccess=false. This vulnerability provides an attacker with access to filesystem even when access is expected to be disabled and other...
CVE-2024-41672
creationtimestamp| type| source ---|---|--- 2024-07-24 06:55:16+00:00| published-proof-of-concept| https://github.com/duckdb/duckdb/security/advisories/GHSA-w2gf-jxc9-pf2q 2024-07-24 20:49:55+00:00| seen| https://t.me/cvedetector/1583...