Vulnerability Description
CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY FROM function to import arbitrary file content into database tables, resulting in information leakage. This vulnerability is patched in 5.3.9, 5.4.8, 5.5.4, and 5.6.1.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cratedb | Cratedb | < 5.3.9 |
Related Weaknesses (CWE)
References
- https://github.com/crate/crate/commit/4e857d675683095945dd524d6ba03e692c70ecd6Patch
- https://github.com/crate/crate/security/advisories/GHSA-475g-vj6c-xf96ExploitVendor Advisory
- https://github.com/crate/crate/commit/4e857d675683095945dd524d6ba03e692c70ecd6Patch
- https://github.com/crate/crate/security/advisories/GHSA-475g-vj6c-xf96ExploitVendor Advisory
FAQ
What is CVE-2024-24565?
CVE-2024-24565 is a vulnerability with a CVSS score of 5.7 (MEDIUM). CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file ...
How severe is CVE-2024-24565?
CVE-2024-24565 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-24565?
Check the references section above for vendor advisories and patch information. Affected products include: Cratedb Cratedb.