CVE-2023-0575

External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser then 2.2.0.0
References
Link Resource
https://www.yugabyte.com/ Product
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:yugabyte:yugabytedb:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

10 Nov 2023, 23:15

Type Values Removed Values Added
Summary External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser then 2.2. External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser then 2.2.0.0

07 Nov 2023, 04:00

Type Values Removed Values Added
Summary External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser then 2.2. External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser then 2.2.

17 Feb 2023, 13:33

Type Values Removed Values Added
CWE NVD-CWE-noinfo
CPE cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:a:yugabyte:yugabytedb:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
References (MISC) https://www.yugabyte.com/ - (MISC) https://www.yugabyte.com/ - Product
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
First Time Yugabyte
Apple macos
Linux
Linux linux Kernel
Yugabyte yugabytedb
Microsoft windows
Apple iphone Os
Microsoft
Apple

09 Feb 2023, 18:01

Type Values Removed Values Added
New CVE

Information

Published : 2023-02-09 17:15

Updated : 2023-12-10 14:48


NVD link : CVE-2023-0575

Mitre link : CVE-2023-0575

CVE.ORG link : CVE-2023-0575


JSON object : View

Products Affected

apple

  • iphone_os
  • macos

linux

  • linux_kernel

microsoft

  • windows

yugabyte

  • yugabytedb
CWE
NVD-CWE-noinfo CWE-642

External Control of Critical State Data

CWE-94

Improper Control of Generation of Code ('Code Injection')