2 matches found
Unauthorized File Access
duckdb is vulnerable to Unauthorized File Access. The vulnerability is due to inadequate restrictions in the sniffcsv function, allowing access to the filesystem even when enableexternalaccess=false. Attackers can exploit this by reading content from files such as /etc/hosts and proc/self/environ...
CVE-2024-41672 DuckDB: sniff_csv provides filesystem access even when enable_external_access is disabled
DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in filesystem is accessible for reading using sniffcsv, even with enableexternalaccess=false. This vulnerability provides an attacker with access to filesystem even when access is expected to be disabled and other...