The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query (in the GSQL query language) without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is "GSQL was behaving as expected."
References
Link | Resource |
---|---|
https://docs.tigergraph.com/home/ | Product Vendor Advisory |
https://docs.tigergraph.com/home/cve-2022-30331 | Vendor Advisory |
https://neo4j.com/security/cve-2022-30331/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-09-05T00:00:00
Updated: 2022-11-16T00:00:00
Reserved: 2022-05-07T00:00:00
Link: CVE-2022-30331
NVD Information
Status: Modified
Published: 2022-09-05T16:15:08.450
Modified: 2024-05-17T02:09:04.580
Link: CVE-2022-30331
Redhat Information
No data.
CWE