CVE-2024-27438
CRITICALDescription
Download of Code Without Integrity Check vulnerability in Apache Doris. The jdbc driver files used for JDBC catalog is not checked and may resulting in remote command execution. Once the attacker is authorized to create a JDBC catalog, he/she can use arbitrary driver jar file with unchecked code snippet. This code snippet will be run when catalog is initializing without any check. This issue affects Apache Doris: from 1.2.0 through 2.0.4. Users are recommended to upgrade to version 2.0.5 or 2.1.x, which fixes the issue.
Is your site exposed to CVE-2024-27438?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| apache | doris |
References
Frequently Asked Questions
What is CVE-2024-27438? +
How severe is CVE-2024-27438? +
What products are affected by CVE-2024-27438? +
How do I check if I'm vulnerable to CVE-2024-27438? +
Related Vulnerabilities
This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at …
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or …
iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These …
Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP …
Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules). This vulnerability is associated with program files crc32.C. This vulnerability is only relevant if …
A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the …