漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apache Kyuubi: Unauthorized directory access due to missing path normalization
Vulnerability Description
Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through 1.10.2. Users are recommended to upgrade to version 1.10.3 or upper, which fixes the issue.
CVSS Information
N/A
Vulnerability Type
路径遍历:’dir/../../filename’
Vulnerability Title
Apache Kyuubi 安全漏洞
Vulnerability Description
Apache Kyuubi是Apache基金会的一个分布式SQL网关。 Apache Kyuubi 1.6.0版本至1.10.2版本存在安全漏洞,该漏洞源于客户端可绕过服务器端配置,可能导致访问未授权的本地文件。
CVSS Information
N/A
Vulnerability Type
N/A