漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Arbitrary Code Execution in Google Cloud Data Fusion via Malicious Artifact Upload
Vulnerability Description
A remote code execution (RCE) vulnerability exists in Google Cloud Data Fusion. A user with permissions to upload artifacts to a Data Fusion instance can execute arbitrary code within the core AppFabric component. This could allow the attacker to gain control over the Data Fusion instance, potentially leading to unauthorized access to sensitive data, modification of data pipelines, and exploration of the underlying infrastructure. The following CDAP versions include the necessary update to protect against this vulnerability: * 6.10.6+ * 6.11.1+ Users must immediately upgrade to them, or greater ones, available at: https://github.com/cdapio/cdap-build/releases .
CVSS Information
N/A
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Google Cloud Data Fusion 安全漏洞
Vulnerability Description
Google Cloud Data Fusion是美国谷歌(Google)公司的一个企业数据集成服务。 Google Cloud Data Fusion存在安全漏洞,该漏洞源于具有上传权限的用户可在核心AppFabric组件中执行任意代码,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A