Severity: important

Affected versions:

- Apache SeaTunnel Web 1.0.0

Description:

Mysql security vulnerability in Apache SeaTunnel.

Attackers can read files on the MySQL server by modifying the information in 
the MySQL URL

 
allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360
This issue affects Apache SeaTunnel: 1.0.0.

Users are recommended to upgrade to version [1.0.1], which fixes the issue.

Credit:

jiahua huang (reporter)

References:

https://lists.apache.org/thread/nprwwhh2t9r91lg6kxcgqz2xzq34ojbs
https://seatunnel.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-49198

Reply via email to