Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A JNDI injection issue was discovered in Cloudera JDBC Connector for Hive before 2.6.26 and JDBC Connector for Impala before 2.6.35. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This could lead to remote code execution. JNDI injection is possible via the JDBC connection property krbJAASFile for the Java Authentication and Authorization Service (JAAS). Using untrusted parameters in the krbJAASFile and/or remote host can trigger JNDI injection in the JDBC URL through the krbJAASFile.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cloudera JDBC Connector 安全漏洞
Vulnerability Description
Cloudera JDBC Connector是Cloudera公司的一个驱动程序。 Cloudera JDBC Connector 2.6.26之前版本存在安全漏洞,该漏洞源于存在JNDI注入问题,攻击者可以将恶意参数注入JDBC URL,从而导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A