cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-49198,https://securityvulnerability.io/vulnerability/CVE-2023-49198,MySQL Security Vulnerability in Apache SeaTunnel,"A security vulnerability in Apache SeaTunnel affects the MySQL server, enabling attackers to gain unauthorized access to files by altering the parameters in the MySQL URL. Specifically, by setting certain parameters such as allowLoadLocalInfile and allowUrlInLocalInfile to true, along with crafting specific paths, attackers can exploit this flaw to read sensitive information stored on the server. It is crucial for users running Apache SeaTunnel version 1.0.0 to upgrade to version 1.0.1 to protect against this issue and secure their MySQL environment.",Apache,Apache Seatunnel Web,7.5,HIGH,0.001120000029914081,false,,false,false,false,,,false,false,,2024-08-21T09:37:57.478Z,0
CVE-2023-48396,https://securityvulnerability.io/vulnerability/CVE-2023-48396,Apache SeaTunnel Web Authentication Vulnerability,"Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge
any token to log in any user.

Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token.
This issue affects Apache SeaTunnel: 1.0.0.

Users are recommended to upgrade to version 1.0.1, which fixes the issue.",Apache,Apache Seatunnel Web,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-30T08:15:33.731Z,0