Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses internally this method to connect with Druid and Splunk so information leakage may happen when using the respective Calcite adapters. The method itself is in a utility class so people may use it to create vulnerable HTTPS connections for other applications. From Apache Calcite 1.26 onwards, the hostname verification will be performed using the default JVM truststore.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Calcite 访问控制错误漏洞
Vulnerability Description
Apache Calcite是美国阿帕奇(Apache)基金会的一个开源框架,用于构建数据库和数据管理系统。 Apache Calcite 存在访问控制错误漏洞,该漏洞源于网络系统或产品未正确限制来自未授权角色的资源访问。该漏洞允许攻击者进行中间人攻击。
CVSS Information
N/A
Vulnerability Type
N/A