CVE-2023-49198: Apache SeaTunnel SQL Injection vulnerability

August 21, 2024

Mysql security vulnerability in Apache SeaTunnel.

Attackers can read files on the MySQL server by modifying the information in the MySQL URL

allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360 This issue affects Apache SeaTunnel: 1.0.0.

Users are recommended to upgrade to version [1.0.1], which fixes the issue.

References

github.com/advisories/GHSA-8m84-h9hh-3cfh
github.com/apache/seatunnel
lists.apache.org/thread/48j9f1nsn037mgzc4j9o51nwglb1s08h
nvd.nist.gov/vuln/detail/CVE-2023-49198

Detect and mitigate CVE-2023-49198 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →