A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data.
Metrics
Affected Vendors & Products
References
History
Mon, 18 Nov 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Sun, 17 Nov 2024 10:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | debezium: script injection via connector parameter | Debezium: script injection via connector parameter |
First Time appeared |
Redhat
Redhat debezium Redhat integration |
|
CPEs | cpe:/a:redhat:debezium:2 cpe:/a:redhat:integration:1 |
|
Vendors & Products |
Redhat
Redhat debezium Redhat integration |
|
References |
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-11-17T10:20:36.408Z
Updated: 2024-11-18T18:56:00.727Z
Reserved: 2023-03-15T16:15:54.277Z
Link: CVE-2023-1419
Vulnrichment
Updated: 2024-11-18T18:55:57.507Z
NVD
Status : Awaiting Analysis
Published: 2024-11-17T11:15:05.593
Modified: 2024-11-18T17:11:17.393
Link: CVE-2023-1419
Redhat