VYPR
High severityNVD Advisory· Published Aug 21, 2024· Updated Aug 23, 2024

Apache SeaTunnel Web: Arbitrary file read vulnerability

CVE-2023-49198

Description

Mysql security vulnerability in Apache SeaTunnel.

Attackers can read files on the MySQL server by modifying the information in the MySQL URL

allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360 This issue affects Apache SeaTunnel: 1.0.0.

Users are recommended to upgrade to version [1.0.1], which fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.seatunnel:seatunnelMaven
>= 1.0.0, < 1.0.11.0.1

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.