Medium severity5.7NVD Advisory· Published Jan 30, 2024· Updated Jun 17, 2026
CVE-2024-24565
CVE-2024-24565
Description
CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY FROM function to import arbitrary file content into database tables, resulting in information leakage. This vulnerability is patched in 5.3.9, 5.4.8, 5.5.4, and 5.6.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
io.crate:crateMaven | < 5.3.9 | 5.3.9 |
io.crate:crateMaven | >= 5.4.0, < 5.4.8 | 5.4.8 |
io.crate:crateMaven | >= 5.5.0, < 5.5.4 | 5.5.4 |
io.crate:crateMaven | >= 5.6.0, < 5.6.1 | 5.6.1 |
Affected products
2- crate/cratev5Range: < 5.3.9
Patches
Vulnerability mechanics
References
8- github.com/crate/crate/commit/4e857d675683095945dd524d6ba03e692c70ecd6nvdPatchWEB
- github.com/crate/crate/security/advisories/GHSA-475g-vj6c-xf96nvdExploitVendor AdvisoryWEB
- github.com/advisories/GHSA-475g-vj6c-xf96ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-24565ghsaADVISORY
- github.com/crate/crate/commit/32d0fc2ebb834ea324eb7ab5d01320a67bc5c3c7ghsaWEB
- github.com/crate/crate/commit/b75aeeabf90f51bd96ddb499903928fd10185207ghsaWEB
- github.com/crate/crate/commit/c4c97d5a1c52cc2250ea42d062a3d37550c19dd5ghsaWEB
- github.com/crate/crate/commit/c5034323f1b56ca5d04b8ef4c6029eb63a5ba172ghsaWEB
News mentions
0No linked articles in our index yet.