Remote Code Execution in Looker via Teradata JDBC Driver

A Looker user with a Developer role could cause Looker to execute a malicious command, due to insecure processing of Teradata driver parameters. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user action is required for these. Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted. The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ : * 24.12.108+ * 24.18.200+ * 25.0.78+ * 25.6.65+ * 25.8.47+ * 25.12.10+ * 25.14+

N/A

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Google Cloud Looker 安全漏洞

Google Cloud Looker是美国谷歌（Google）公司的一种在线工具，用于将数据转换为可定制的信息丰富的报告和仪表板。 Google Cloud Looker存在安全漏洞，该漏洞源于Teradata驱动程序参数处理不当，可能导致执行恶意命令。

N/A

N/A