CVE-2017-11467: Improper Privilege Management

October 18, 2018 (updated September 21, 2021)

OrientDB through 2.2.22 does not enforce privilege requirements during “where” or “fetchplan” or “order by” use, which allows remote attackers to execute arbitrary OS commands via a crafted request.

References

github.com/advisories/GHSA-xm6r-4466-mr74
github.com/orientechnologies/orientdb/wiki/OrientDB-2.2-Release-Notes
nvd.nist.gov/vuln/detail/CVE-2017-11467

Detect and mitigate CVE-2017-11467 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →