External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py.
This issue affects Yugabyte DB: Lesser then 2.2.0.0
References
Link | Resource |
---|---|
https://www.yugabyte.com/ | Product |
Configurations
Configuration 1 (hide)
AND |
|
History
10 Nov 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
Summary | External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser then 2.2.0.0 |
07 Nov 2023, 04:00
Type | Values Removed | Values Added |
---|---|---|
Summary | External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser then 2.2. |
17 Feb 2023, 13:33
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* cpe:2.3:a:yugabyte:yugabytedb:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
|
References | (MISC) https://www.yugabyte.com/ - Product | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Yugabyte
Apple macos Linux Linux linux Kernel Yugabyte yugabytedb Microsoft windows Apple iphone Os Microsoft Apple |
09 Feb 2023, 18:01
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-09 17:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-0575
Mitre link : CVE-2023-0575
CVE.ORG link : CVE-2023-0575
JSON object : View
Products Affected
apple
- iphone_os
- macos
linux
- linux_kernel
microsoft
- windows
yugabyte
- yugabytedb
CWE
NVD-CWE-noinfo
CWE-642
External Control of Critical State Data
CWE-94Improper Control of Generation of Code ('Code Injection')