9 matches found
EUVD-2024-3598
Malicious code in bioql PyPI...
CVE-2024-49194
Databricks JDBC Driver 2.x before 2.6.40 could potentially allow remote code execution RCE by triggering a JNDI injection via a JDBC URL parameter. The vulnerability is rooted in the improper handling of the krbJAASFile parameter. An attacker could potentially exploit this vulnerability to achiev...
Remote Code Execution (RCE)
com.databricks, databricks-jdbc is vulnerable to Remote code execution RCE. The vulnerability is due to insufficient validation or sanitization of the krbJAASFile parameter in the Databricks JDBC Driver, allows the attacker to manipulate the JDBC URL, enabling a JNDI injection that can lead to...
Databricks JDBC Driver Command Injection vulnerability
Databricks JDBC Driver 2.x before 2.6.40 could potentially allow remote code execution RCE by triggering a JNDI injection via a JDBC URL parameter. The vulnerability is rooted in the improper handling of the krbJAASFile parameter. An attacker could potentially exploit this vulnerability to achiev...
CVE-2024-49194
Databricks JDBC Driver 2.x before 2.6.40 could potentially allow remote code execution RCE by triggering a JNDI injection via a JDBC URL parameter. The vulnerability is rooted in the improper handling of the krbJAASFile parameter. An attacker could potentially exploit this vulnerability to achiev...
CVE-2024-49194
Databricks JDBC Driver 2.x (prior to 2.6.40) is affected by a JNDI injection vulnerability via the krbJAASFile parameter in a JDBC URL. The issue allows remote code execution in the driver context if a user connects using a crafted URL that includes the krbJAASFile property. Root cause is imprope...
CVE-2024-49194
Databricks JDBC Driver 2.x before 2.6.40 could potentially allow remote code execution RCE by triggering a JNDI injection via a JDBC URL parameter. The vulnerability is rooted in the improper handling of the krbJAASFile parameter. An attacker could potentially exploit this vulnerability to achiev...
CVE-2024-49194
Databricks JDBC Driver 2.x before 2.6.40 could potentially allow remote code execution RCE by triggering a JNDI injection via a JDBC URL parameter. The vulnerability is rooted in the improper handling of the krbJAASFile parameter. An attacker could potentially exploit this vulnerability to achiev...
PT-2024-10170 · Databricks · Databricks Jdbc Driver
Name of the Vulnerable Software and Affected Versions: Databricks JDBC Driver versions prior to 2.6.40 Description: The issue is related to the improper handling of the krbJAASFile parameter, allowing a remote attacker to execute arbitrary code by triggering a JNDI injection via a JDBC URL...