GHSA-xm6r-4466-mr74

Source
https://github.com/advisories/GHSA-xm6r-4466-mr74
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-xm6r-4466-mr74/GHSA-xm6r-4466-mr74.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-xm6r-4466-mr74
Aliases
  • CVE-2017-11467
Published
2018-10-18T17:40:56Z
Modified
2024-02-20T16:31:07.425145Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
OrientDB vulnerable to Improper Privilege Management leading to arbitrary command injection
Details

OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request.

References

Affected packages

Maven / com.orientechnologies:orientdb-core

Package

Name
com.orientechnologies:orientdb-core
Purl
pkg:maven/com.orientechnologies/orientdb-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2.2.23

Affected versions

1.*

1.0rc9
1.0
1.0.1
1.1.0
1.2.0
1.3.0
1.4.0
1.4.1
1.5.0
1.5.1
1.6
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.6.6
1.7-rc1
1.7-rc2
1.7
1.7.1
1.7.2
1.7.3
1.7.4
1.7.5
1.7.6
1.7.7
1.7.8
1.7.9
1.7.10

2.*

2.0-M1
2.0-M2
2.0-M3
2.0-rc1
2.0-rc2
2.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.16
2.0.17
2.0.18
2.1-rc1
2.1-rc2
2.1-rc3
2.1-rc4
2.1-rc5
2.1-rc6
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.17
2.1.18
2.1.19
2.1.20
2.1.21
2.1.22
2.1.23
2.1.24
2.1.25
2.2.0-beta
2.2.0-beta2
2.2.0-rc1
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.2.10
2.2.11
2.2.12
2.2.13
2.2.14
2.2.15
2.2.16
2.2.17
2.2.18
2.2.19
2.2.20
2.2.21
2.2.22