GHSA-hvw5-3mgw-7rcf

Source
https://github.com/advisories/GHSA-hvw5-3mgw-7rcf
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-hvw5-3mgw-7rcf/GHSA-hvw5-3mgw-7rcf.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-hvw5-3mgw-7rcf
Aliases
  • CVE-2023-1419
Published
2024-11-17T12:30:29Z
Modified
2024-11-18T20:27:09.189227Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Debezium database connector has a script injection vulnerability
Details

A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data.

Database specific
{
    "nvd_published_at": "2024-11-17T11:15:05Z",
    "cwe_ids": [
        "CWE-233"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-11-18T20:08:44Z"
}

Affected packages

Maven / io.debezium:debezium-connector-mysql

Package

Name
io.debezium:debezium-connector-mysql
Purl
pkg:maven/io.debezium/debezium-connector-mysql

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2.3.0.Alpha1

Affected versions

0.*

0.1.0
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.4.0
0.4.1
0.5.0
0.5.1
0.5.2
0.6.0
0.6.1
0.6.2
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.8.0.Beta1
0.8.0.CR1
0.8.0.Final
0.8.1.Final
0.8.2
0.8.3.Final
0.9.0.Alpha1
0.9.0.Alpha2
0.9.0.Beta1
0.9.0.Beta2
0.9.0.CR1
0.9.0.Final
0.9.1.Final
0.9.2.Final
0.9.3.Final
0.9.4.Final
0.9.5.Final
0.10.0.Alpha1
0.10.0.Alpha2
0.10.0.Beta1
0.10.0.Beta2
0.10.0.Beta3
0.10.0.Beta4
0.10.0.CR1
0.10.0.CR2
0.10.0.Final

1.*

1.0.0.Beta1
1.0.0.Beta2
1.0.0.Beta3
1.0.0.CR1
1.0.0.Final
1.0.1.Final
1.0.2.Final
1.0.3.Final
1.1.0.Alpha1
1.1.0.Beta1
1.1.0.Beta2
1.1.0.CR1
1.1.0.Final
1.1.1.Final
1.1.2.Final
1.2.0.Alpha1
1.2.0.Beta1
1.2.0.Beta2
1.2.0.CR1
1.2.0.CR2
1.2.0.Final
1.2.1.Final
1.2.2.Final
1.2.3.Final
1.2.4.Final
1.2.5.Final
1.3.0.Alpha1
1.3.0.Beta1
1.3.0.Beta2
1.3.0.CR1
1.3.0.Final
1.3.1.Final
1.4.0.Alpha1
1.4.0.Alpha2
1.4.0.Beta1
1.4.0.CR1
1.4.0.Final
1.4.1.Final
1.4.2.Final
1.5.0.Alpha1
1.5.0.Beta1
1.5.0.Beta2
1.5.0.CR1
1.5.0.Final
1.5.1.Final
1.5.2.Final
1.5.3.Final
1.5.4.Final
1.6.0.Alpha1
1.6.0.Beta1
1.6.0.Beta2
1.6.0.CR1
1.6.0.Final
1.6.1.Final
1.6.2.Final
1.6.3.Final
1.6.4.Final
1.7.0.Alpha1
1.7.0.Beta1
1.7.0.CR1
1.7.0.CR2
1.7.0.Final
1.7.1.Final
1.7.2.Final
1.8.0.Alpha1
1.8.0.Alpha2
1.8.0.Beta1
1.8.0.CR1
1.8.0.Final
1.8.1.Final
1.9.0.Alpha1
1.9.0.Alpha2
1.9.0.Beta1
1.9.0.CR1
1.9.0.Final
1.9.1.Final
1.9.2.Final
1.9.3.Final
1.9.4.Final
1.9.5.Final
1.9.6.Final
1.9.7.Final
1.9.8.Final

2.*

2.0.0.Alpha1
2.0.0.Alpha2
2.0.0.Alpha3
2.0.0.Beta1
2.0.0.Beta2
2.0.0.CR1
2.0.0.Final
2.0.1.Final
2.1.0.Alpha1
2.1.0.Alpha2
2.1.0.Beta1
2.1.0.Final
2.1.1.Final
2.1.2.Final
2.1.3.Final
2.1.4.Final
2.2.0.Alpha1
2.2.0.Alpha2
2.2.0.Alpha3
2.2.0.Beta1
2.2.0.CR1
2.2.0.Final
2.2.1.Final

Maven / io.debezium:debezium-connector-sqlserver

Package

Name
io.debezium:debezium-connector-sqlserver
Purl
pkg:maven/io.debezium/debezium-connector-sqlserver

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2.3.0.Alpha1

Affected versions

0.*

0.9.0.Alpha1
0.9.0.Alpha2
0.9.0.Beta1
0.9.0.Beta2
0.9.0.CR1
0.9.0.Final
0.9.1.Final
0.9.2.Final
0.9.3.Final
0.9.4.Final
0.9.5.Final
0.10.0.Alpha1
0.10.0.Alpha2
0.10.0.Beta1
0.10.0.Beta2
0.10.0.Beta3
0.10.0.Beta4
0.10.0.CR1
0.10.0.CR2
0.10.0.Final

1.*

1.0.0.Beta1
1.0.0.Beta2
1.0.0.Beta3
1.0.0.CR1
1.0.0.Final
1.0.1.Final
1.0.2.Final
1.0.3.Final
1.1.0.Alpha1
1.1.0.Beta1
1.1.0.Beta2
1.1.0.CR1
1.1.0.Final
1.1.1.Final
1.1.2.Final
1.2.0.Alpha1
1.2.0.Beta1
1.2.0.Beta2
1.2.0.CR1
1.2.0.CR2
1.2.0.Final
1.2.1.Final
1.2.2.Final
1.2.3.Final
1.2.4.Final
1.2.5.Final
1.3.0.Alpha1
1.3.0.Beta1
1.3.0.Beta2
1.3.0.CR1
1.3.0.Final
1.3.1.Final
1.4.0.Alpha1
1.4.0.Alpha2
1.4.0.Beta1
1.4.0.CR1
1.4.0.Final
1.4.1.Final
1.4.2.Final
1.5.0.Alpha1
1.5.0.Beta1
1.5.0.Beta2
1.5.0.CR1
1.5.0.Final
1.5.1.Final
1.5.2.Final
1.5.3.Final
1.5.4.Final
1.6.0.Alpha1
1.6.0.Beta1
1.6.0.Beta2
1.6.0.CR1
1.6.0.Final
1.6.1.Final
1.6.2.Final
1.6.3.Final
1.6.4.Final
1.7.0.Alpha1
1.7.0.Beta1
1.7.0.CR1
1.7.0.CR2
1.7.0.Final
1.7.1.Final
1.7.2.Final
1.8.0.Alpha1
1.8.0.Alpha2
1.8.0.Beta1
1.8.0.CR1
1.8.0.Final
1.8.1.Final
1.9.0.Alpha1
1.9.0.Alpha2
1.9.0.Beta1
1.9.0.CR1
1.9.0.Final
1.9.1.Final
1.9.2.Final
1.9.3.Final
1.9.4.Final
1.9.5.Final
1.9.6.Final
1.9.7.Final
1.9.8.Final

2.*

2.0.0.Alpha1
2.0.0.Alpha2
2.0.0.Alpha3
2.0.0.Beta1
2.0.0.Beta2
2.0.0.CR1
2.0.0.Final
2.0.1.Final
2.1.0.Alpha1
2.1.0.Alpha2
2.1.0.Beta1
2.1.0.Final
2.1.1.Final
2.1.2.Final
2.1.3.Final
2.1.4.Final
2.2.0.Alpha1
2.2.0.Alpha2
2.2.0.Alpha3
2.2.0.Beta1
2.2.0.CR1
2.2.0.Final
2.2.1.Final

Maven / io.debezium:debezium-core

Package

Name
io.debezium:debezium-core
Purl
pkg:maven/io.debezium/debezium-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2.3.0.Alpha1

Affected versions

0.*

0.1.0
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.4.0
0.4.1
0.5.0
0.5.1
0.5.2
0.6.0
0.6.1
0.6.2
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.8.0.Beta1
0.8.0.CR1
0.8.0.Final
0.8.1.Final
0.8.2
0.8.3.Final
0.9.0.Alpha1
0.9.0.Alpha2
0.9.0.Beta1
0.9.0.Beta2
0.9.0.CR1
0.9.0.Final
0.9.1.Final
0.9.2.Final
0.9.3.Final
0.9.4.Final
0.9.5.Final
0.10.0.Alpha1
0.10.0.Alpha2
0.10.0.Beta1
0.10.0.Beta2
0.10.0.Beta3
0.10.0.Beta4
0.10.0.CR1
0.10.0.CR2
0.10.0.Final

1.*

1.0.0.Beta1
1.0.0.Beta2
1.0.0.Beta3
1.0.0.CR1
1.0.0.Final
1.0.1.Final
1.0.2.Final
1.0.3.Final
1.1.0.Alpha1
1.1.0.Beta1
1.1.0.Beta2
1.1.0.CR1
1.1.0.Final
1.1.1.Final
1.1.2.Final
1.2.0.Alpha1
1.2.0.Beta1
1.2.0.Beta2
1.2.0.CR1
1.2.0.CR2
1.2.0.Final
1.2.1.Final
1.2.2.Final
1.2.3.Final
1.2.4.Final
1.2.5.Final
1.3.0.Alpha1
1.3.0.Beta1
1.3.0.Beta2
1.3.0.CR1
1.3.0.Final
1.3.1.Final
1.4.0.Alpha1
1.4.0.Alpha2
1.4.0.Beta1
1.4.0.CR1
1.4.0.Final
1.4.1.Final
1.4.2.Final
1.5.0.Alpha1
1.5.0.Beta1
1.5.0.Beta2
1.5.0.CR1
1.5.0.Final
1.5.1.Final
1.5.2.Final
1.5.3.Final
1.5.4.Final
1.6.0.Alpha1
1.6.0.Beta1
1.6.0.Beta2
1.6.0.CR1
1.6.0.Final
1.6.1.Final
1.6.2.Final
1.6.3.Final
1.6.4.Final
1.7.0.Alpha1
1.7.0.Beta1
1.7.0.CR1
1.7.0.CR2
1.7.0.Final
1.7.1.Final
1.7.2.Final
1.8.0.Alpha1
1.8.0.Alpha2
1.8.0.Beta1
1.8.0.CR1
1.8.0.Final
1.8.1.Final
1.9.0.Alpha1
1.9.0.Alpha2
1.9.0.Beta1
1.9.0.CR1
1.9.0.Final
1.9.1.Final
1.9.2.Final
1.9.3.Final
1.9.4.Final
1.9.5.Final
1.9.6.Final
1.9.7.Final
1.9.8.Final

2.*

2.0.0.Alpha1
2.0.0.Alpha2
2.0.0.Alpha3
2.0.0.Beta1
2.0.0.Beta2
2.0.0.CR1
2.0.0.Final
2.0.1.Final
2.1.0.Alpha1
2.1.0.Alpha2
2.1.0.Beta1
2.1.0.Final
2.1.1.Final
2.1.2.Final
2.1.3.Final
2.1.4.Final
2.2.0.Alpha1
2.2.0.Alpha2
2.2.0.Alpha3
2.2.0.Beta1
2.2.0.CR1
2.2.0.Final
2.2.1.Final