EUVD-2024-0052

Malicious code in bioql PyPI...

CVE-2024-41672

DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in filesystem is accessible for reading using sniffcsv, even with enableexternalaccess=false. This vulnerability provides an attacker with access to filesystem even when access is expected to be disabled and other...

The vulnerability of the sniff_csv() function in the DuckDB relational database management system allows a hacker to gain unauthorized access to protected information.

The vulnerability of the sniffcsv function in the DuckDB database management system is related to insufficient protection for operational data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

PYSEC-2024-203

DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in filesystem is accessible for reading using sniffcsv, even with enableexternalaccess=false. This vulnerability provides an attacker with access to filesystem even when access is expected to be disabled and other...

CVE-2024-41672 DuckDB: sniff_csv provides filesystem access even when enable_external_access is disabled

DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in filesystem is accessible for reading using sniffcsv, even with enableexternalaccess=false. This vulnerability provides an attacker with access to filesystem even when access is expected to be disabled and other...

CVE-2024-41672 DuckDB: sniff_csv provides filesystem access even when enable_external_access is disabled

DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in filesystem is accessible for reading using sniffcsv, even with enableexternalaccess=false. This vulnerability provides an attacker with access to filesystem even when access is expected to be disabled and other...