漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
A JNDI injection issue was discovered in Cloudera JDBC Connector for Hive before 2.6.26 and JDBC Connector for Impala before 2.6.35. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This could lead to remote code execution. JNDI injection is possible via the JDBC connection property krbJAASFile for the Java Authentication and Authorization Service (JAAS). Using untrusted parameters in the krbJAASFile and/or remote host can trigger JNDI injection in the JDBC URL through the krbJAASFile.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cloudera JDBC Connector 安全漏洞
Vulnerability Description
Cloudera JDBC Connector是Cloudera公司的一个驱动程序。 Cloudera JDBC Connector 2.6.26之前版本存在安全漏洞,该漏洞源于存在JNDI注入问题,攻击者可以将恶意参数注入JDBC URL,从而导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A