Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.8 views

CVE-2026-42810

Apache Polaris accepts literal characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and s3:prefix conditions. In S3 IAM policy matching, is treated as ...

9.9CVSS5.4AI score0.00424EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/04 6:26 p.m.9 views

Improper Encoding or Escaping of Output

Overview org.apache.polaris:polaris-core is an a catalog for data lakes. It provides new levels of choice, flexibility and control over data, with full enterprise security and Apache Iceberg interoperability across a multitude of engines and infrastructure Affected versions of this package are...

9.9CVSS5.8AI score0.00424EPSS
Exploits0References2
NVD
NVD
added 2026/05/04 5:16 p.m.24 views

CVE-2026-42810

Apache Polaris accepts literal characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and s3:prefix conditions. In S3 IAM policy matching, is treated as ...

9.9CVSS0.00424EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/04 4:48 p.m.10 views

CVE-2026-42810 Apache Polaris: could broaden vended S3 credentials through wildcard-bearing namespace or table names

Apache Polaris accepts literal characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and s3:prefix conditions. In S3 IAM policy matching, is treated as ...

9.9CVSS5.8AI score0.00424EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/04 4:48 p.m.6 views

CVE-2026-42810

Apache Polaris accepts literal characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and s3:prefix conditions. In S3 IAM policy matching, is treated as ...

9.9CVSS5.8AI score0.00424EPSS
Exploits0References2
CVE
CVE
added 2026/05/04 4:48 p.m.51 views

CVE-2026-42810

CVE-2026-42810 affects Apache Polaris. The issue arises because Polaris accepts literal ‘’ characters in namespace and table names, and these unescaped characters are reused in temporary S3 access policies for delegated table access. In S3 IAM policy matching, ‘ ’ is treated as a wildcard, allowi...

9.9CVSS5.8AI score0.00424EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder