CNNVD-202506-2577 Information
CNNVD ID
CNNVD-202506-2577
Related CVE
- CNNVD Published: 2025-06-19
Description (Chinese)
Apache SeaTunnel是美国阿帕奇(Apache)基金会的一个简单易用的数据集成框架。 Apache SeaTunnel 2.3.10及之前版本存在访问控制错误漏洞,该漏洞源于未授权用户可以通过restful api-v1提交作业执行任意文件读取和反序列化攻击。
Description (English)
Apache SeaTunnel is a simple and easy-to-use data set of the Apache Foundation in the United States. Apache SeaTunnel 2.3.10 and previous versions had access control error holes, which stemmed from unauthorized users who could perform random document reading and back-sequencing attacks through retful api-v1 submissions.
Hazard Level
Medium
Vulnerability Type
访问控制错误
Affected Vendor
阿帕奇
Published
2025-06-19
Last Modified
2026-02-24
References
https://github.com/apache/seatunnel/pull/9010 https://lists.apache.org/thread/qvh3zyt1jr25rgvw955rb8qjrnbxfro9 http://www.openwall.com/lists/oss-security/2025/04/12/1 https://access.redhat.com/security/cve/cve-2025-32896
Patch
https://seatunnel.apache.org/download
Share on: