
15 matches found

NVD
added 2 days ago, 10 views

CVE-2025-66336

Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated attacker, or an anonymo...

CVSS 8.1, EPSS 0.00342
Exploits: 0, References: 2
EUVD
added 2 days ago, 8 views

EUVD-2025-210295

Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated attacker, or an anonymo...

CVSS 8.1, AI score 5.9, EPSS 0.00342
Exploits: 0, References: 1
CVE
added 2 days ago, 11 views

CVE-2025-66336

CVE-2025-66336 affects Apache Doris MCP Server. The issue is a SQL injection in a metadata query path where a user-controlled database name is directly interpolated into a SQL query and executed without enforcing the caller’s authorization context. This can allow an authenticated user, or an anon...

CVSS 8.1, AI score 5.9, EPSS 0.00342
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-35298

Malicious code in bioql PyPI...

CVSS 4.3, AI score 5.1, EPSS 0.00333
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 4:54 p.m., 12 views

CVE-2020-9483

Resolved: When using H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through the GraphQL protocol has a SQL injection vulnerability, which allows access to unexpected data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to...

CVSS 7.5, AI score 7.6, EPSS 0.34613
Exploits: 1, References: 1
Veracode
added 2025/01/17 6:36 a.m., 5 views

Arbitrary File Read

org.apache.linkis, linkis-metadata-query-service-jdbc is vulnerable to Arbitrary File Read. The vulnerability is due to insufficient parameter filtering in the DataSource Manager Module, allowing an attacker to configure malicious MySQL JDBC parameters to read arbitrary files from the server...

CVSS 5.9, AI score 6.5, EPSS 0.00318
Exploits: 0, References: 4, Affected Software: 2
OSV
added 2025/01/14 6:31 p.m., 7 views

GHSA-8CVQ-3JJP-PH9P Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability

Affected versions: - Apache Linkis Metadata Query Service JDBC 1.5.0 before 1.7.0 Description: In Apache Linkis 1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read...

CVSS 5.9, AI score 5.6, EPSS 0.00318
Exploits: 0, References: 4
GitHub Security Blog
added 2025/01/14 6:31 p.m., 19 views

Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability

Affected versions: - Apache Linkis Metadata Query Service JDBC 1.5.0 before 1.7.0 Description: In Apache Linkis 1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read...

CVSS 5.9, AI score 6.7, EPSS 0.00318
Exploits: 0, References: 4, Affected Software: 1
Vulnrichment
added 2025/01/14 4:13 p.m., 14 views

CVE-2024-45627 Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability

In Apache Linkis 1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be...

AI score 6.7, EPSS 0.00318
Exploits: 0, References: 1
CVE
added 2025/01/14 4:13 p.m., 72 views

CVE-2024-45627

Summary (CVE-2024-45627) In Apache Linkis, versions earlier than 1.7.0 are vulnerable due to insufficient filtering of parameters in the DataSource Manager’s MySQL JDBC configuration. An attacker with an authorized Linkis account can configure malicious MySQL JDBC parameters to read arbitrary fil...

CVSS 5.9, AI score 6.3, EPSS 0.00318
Exploits: 0, References: 2, Affected Software: 1
Check Point Advisories
added 2020/12/28 12:0 a.m., 8 views

Apache SkyWalking Storage SQL Injection (CVE-2020-9483)

An SQL injection vulnerability exists in Apache SkyWalking H2 storage implementation. The vulnerability is due to insufficient validation of the user-supplied input for metadata query through GraphQL protocol...

CVSS 5, AI score 3.4, EPSS 0.34613
Exploits: 1
Cvelist
added 2020/06/30 2:28 p.m., 22 views

CVE-2020-9483

Resolved: When using H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through the GraphQL protocol has a SQL injection vulnerability, which allows access to unexpected data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to...

AI score 7.8, EPSS 0.34613
Exploits: 1, References: 1
CNVD
added 2019/12/17 12:0 a.m., 3 views

Apache Incubator Superset Information Disclosure Vulnerability

Apache Incubator Superset is a suite of enterprise-class business intelligence Web applications from the Apache Software Foundation in the United States. The program features data collection, data visualization and authentication. A security vulnerability exists in Apache Incubator Superse...

CVSS 5.3, AI score 6.7, EPSS 0.02779
Exploits: 0, References: 1
OSV
added 2019/12/16 10:15 p.m., 3 views

CVE-2019-12413

In Apache Incubator Superset before 0.31 user could query database metadata information from a database he has no access to, by using a specially crafted complex query...

CVSS 5.3, AI score 6
Exploits: 0, References: 1
Positive Technologies
added 2019/12/16 12:0 a.m., 4 views

PT-2019-12792 · Apache · Apache Incubator Superset

Name of the Vulnerable Software and Affected Versions: Apache Incubator Superset versions prior to 0.31 Description: The issue allows a user to query database metadata information from a database they have no access to, by using a specially crafted complex query. Recommendations: For versions pri...

CVSS 6.9, AI score 5, EPSS 0.02779
Exploits: 0, References: 8