Описание
A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat build of Debezium 1 | mysql-connector-java | Out of support scope | ||
| Red Hat build of Debezium 2 | mysql-connector-java | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-233
https://bugzilla.redhat.com/show_bug.cgi?id=2178722debezium: script injection via connector parameter
EPSS
Процентиль: 32%
0.00126
Низкий
5.9 Medium
CVSS3
Связанные уязвимости
CVSS3: 5.9
nvd
около 1 года назад
A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data.
CVSS3: 5.9
github
около 1 года назад
Debezium database connector has a script injection vulnerability
EPSS
Процентиль: 32%
0.00126
Низкий
5.9 Medium
CVSS3