9 matches found
CVE-2025-5662
A deserialization vulnerability exists in the H2O-3 REST API POST /99/ImportSQLTable that affects all versions up to 3.46.0.7. This vulnerability allows remote code execution RCE due to improper validation of JDBC connection parameters when using a Key-Value format. The vulnerability is present i...
CVE-2021-36774
Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue...
CVE-2022-45136
Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a resu...
Design/Logic Flaw
UNSUPPORTED WHEN ASSIGNED Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this...
SQL Injection in Apache Kylin
Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue...
CVE-2021-36774
Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue...
Code injection
Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue...
CVE-2021-36774
CVE-2021-36774 concerns Apache Kylin. The connected sources describe an issue where reading data from other databases via JDBC allows a hacker-controlled MySQL server to execute arbitrary code inside Kylin server processes, via certain properties in the MySQL JDBC driver. Affected are Apache Kyli...
Remote Code Execution
Apache Druid is vulnerable to remote code execution. Certain properties supported by the MySQL JDBC driver allows an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Druid server processes...