Vulnerability

CVE-2023-45860

 Report advisory or correction

CVSS Score 6.5 medium

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-89

References

https://github.com/hazelcast/hazelcast/pull/25661
https://github.com/hazelcast/hz-docs/pull/860
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45860

[CVE-2023-45860] CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Description

In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem.

Deviation Notice:
Sonatype's research suggests that this CVE's details differ from those defined at NVD or other reporting sources; sign in for details.

Sign up and see:

Detailed deviation notices:
  • Detailed deviations
  • References
  • Custom Descriptions [Coming Soon]
Sign Up