Maven package
io.crate/crate
pkg:maven/io.crate/crate
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-37309 | — | < 5.7.2 | 5.7.2 | Jun 13, 2024 | CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of | ||
| CVE-2024-24565 | — | < 5.3.9 | 5.3.9 | Jan 30, 2024 | CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers | ||
| CVE-2023-51982 | — | < 5.2.11 | 5.2.11 | Jan 30, 2024 | CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and_ Local_ In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and acc |
- CVE-2024-37309Jun 13, 2024affected < 5.7.2fixed 5.7.2
CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of
- CVE-2024-24565Jan 30, 2024affected < 5.3.9fixed 5.3.9
CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers
- CVE-2023-51982Jan 30, 2024affected < 5.2.11fixed 5.2.11
CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and_ Local_ In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and acc