vulnrichment / Apache / VULNRICHMENT:CVE-2023-49198
History: Aug 21, 2024 - 9:37 a.m.

CVE-2023-49198 Apache SeaTunnel Web: Arbitrary file read vulnerability

2024-08-21 09:37:57
CWE-552
apache
github.com
cve-2023-49198
apache seatunnel
arbitrary file read
mysql
security vulnerability
attackers
url modification
information disclosure
upgrade to 1.0.1

AI Score: 6.6
Confidence: High

EPSS: 0.001
Percentile: 34.8%

SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial

MySQL security vulnerability in Apache SeaTunnel.

Attackers can read files on the MySQL server by modifying the information in the MySQL URL:

allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360

This issue affects Apache SeaTunnel: 1.0.0.

Users are recommended to upgrade to version [1.0.1], which fixes the issue.
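
For auditing datasource URLs that are already stored or submitted, the following check flags the options named in the string above. It is an added example, not code from the advisory or from Apache SeaTunnel; the function names and the sample hosts are hypothetical, and it complements the upgrade rather than replacing it.

```python
import re
from urllib.parse import unquote

# Connector/J options that appear in the advisory's example string and
# control LOAD DATA LOCAL INFILE handling in the JDBC driver.
RISKY_OPTIONS = (
    "allowLoadLocalInfile",
    "allowUrlInLocalInfile",
    "allowLoadLocalInfileInPath",
)
OFF_VALUES = {"false", "no"}  # explicit "disabled" spellings


def fully_decode(url, max_rounds=5):
    """Undo repeated percent-encoding so an encoded key cannot slip through."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url


def risky_options(jdbc_url):
    """Return {option: value} for every risky option the URL switches on."""
    text = fully_decode(jdbc_url)
    found = {}
    for name in RISKY_OPTIONS:
        # Match the key anywhere in the URL, in any letter case.
        pattern = r"(?<![A-Za-z0-9_])" + re.escape(name) + r"\s*=\s*([^&,;)#\s]*)"
        for match in re.finditer(pattern, text, flags=re.IGNORECASE):
            value = match.group(1)
            if name == "allowLoadLocalInfileInPath":
                enabled = value != ""  # any path value turns the option on
            else:
                enabled = value.lower() not in OFF_VALUES
            if enabled:
                found[name] = value
    return found


# Constructed sample URLs (host and database names are placeholders).
SAMPLES = [
    "jdbc:mysql://db.example.internal:3306/app?useSSL=true",
    "jdbc:mysql://db.example.internal:3306/app?allowLoadLocalInfile=true"
    "&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360",
    "jdbc:mysql://db.example.internal:3306/app?%61llowLoadLocalInfile=TRUE",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", risky_options(url) or "ok")
```

A datasource URL for which `risky_options` returns a non-empty result should be rejected or reviewed before it is handed to the driver.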

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:apache_software_foundation:apache_seatunnel_web:*:*:*:*:*:*:*:*"
    ],
    "vendor": "apache_software_foundation",
    "product": "apache_seatunnel_web",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.0"
      }
    ],
    "defaultStatus": "unknown"
  }
]
