14 matches found
EUVD-2023-32153
Malicious code in bioql PyPI...
CVE-2023-22949
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is logging of user credentials. All authenticated GSQL access requests are logged by TigerGraph in multiple places. Each request includes both the username and password of the user in an easily decodable base64 form. That...
CVE-2023-22950
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Data loading jobs in gsqlserver, created by any user with designer permissions, can read sensitive data from arbitrary locations...
CVE-2022-30331
The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query in the GSQL query language without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is "GSQL was behaving as expected."...
Design/Logic Flaw
An issue was discovered in TigerGraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GSQL querie...
CVE-2023-28483
An issue was discovered in TigerGraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GSQL querie...
CVE-2023-28483
TigerGraph Enterprise 3.7.0 contains a local file-write control bypass in GSQL: queries using UDFs can bypass GSQL.FileOutputPolicy and write to any file location accessible to the admin. This is triggered when GSQL queries include UDFs, allowing writes outside configured policy. Impact is descri...
Code injection
DISPUTED: The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query in the GSQL query language without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is "GSQL was behaving as expected."...
TigerGraph input validation error vulnerability
TigerGraph, from the TigerGraph community, is one of the world's fastest and most scalable graph analytics platforms, enabling real-time big data graph applications. TigerGraph version 3.6.0 suffers from an input validation error vulnerability that stems from a User-Defined Function (UDF) feature tha...
CVE-2022-30331
TigerGraph 3.6.0 is affected by a vulnerability in the User-Defined Functions (UDF) feature that lets an attacker install a GSQL query without proper validation, enabling arbitrary C++ code execution. Impact is high (remote execution with elevated risk if UDF is enabled). Evidence from multiple s...