In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages.
References
Link | Resource |
---|---|
https://clickhouse.yandex/docs/en/security_changelog/ | Release Notes Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: yandex
Published: 2019-08-15T17:54:05
Updated: 2019-08-15T17:54:05
Reserved: 2018-07-27T00:00:00
Link: CVE-2018-14672
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-08-15T18:15:13.930
Modified: 2019-08-27T19:35:39.750
Link: CVE-2018-14672
JSON object: View
Redhat Information
No data.
CWE