Remote Command Execution in Looker via IBM DB2 JDBC drive

A Looker user with a Developer role could create a database connection using IBM DB2 driver and, by manipulating LookML, cause Looker to execute a malicious command, due to inadequate filtering of the driver's parameters. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user action is required for these. Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted. The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ : * 25.0.93+ * 25.6.84+ * 25.12.42+ * 25.14.50+ * 25.16.44+

N/A

输入验证不恰当

Google Cloud Looker 安全漏洞

Google Cloud Looker是美国谷歌（Google）公司的一种在线工具，用于将数据转换为可定制的信息丰富的报告和仪表板。 Google Cloud Looker存在安全漏洞，该漏洞源于IBM DB2驱动程序参数过滤不足，可能导致执行恶意命令。

N/A

N/A