High severityNVD Advisory· Published Aug 21, 2024· Updated Aug 23, 2024
Apache SeaTunnel Web: Arbitrary file read vulnerability
CVE-2023-49198
Description
Mysql security vulnerability in Apache SeaTunnel.
Attackers can read files on the MySQL server by modifying the information in the MySQL URL
allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360 This issue affects Apache SeaTunnel: 1.0.0.
Users are recommended to upgrade to version [1.0.1], which fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.seatunnel:seatunnelMaven | >= 1.0.0, < 1.0.1 | 1.0.1 |
Affected products
2- Apache Software Foundation/Apache SeaTunnel Webv5Range: 1.0.0
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-8m84-h9hh-3cfhghsaADVISORY
- lists.apache.org/thread/48j9f1nsn037mgzc4j9o51nwglb1s08hghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2023-49198ghsaADVISORY
News mentions
0No linked articles in our index yet.