CVE-2023-49198

CVE-2023-49198: Apache SeaTunnel Web: Arbitrary file read vulnerability

Vendor Apache Software Foundation

Product Apache SeaTunnel Web

Weakness CWE-552 · Files accessible externally

Published August 21, 2024

Last update August 23, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Mysql security vulnerability in Apache SeaTunnel. Attackers can read files on the MySQL server by modifying the information in the MySQL URL allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360 This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version [1.0.1], which fixes the issue.

Key dates

Disclosure timeline

August 21, 2024 CVE published

August 23, 2024 Record updated