com.facebook.presto:presto-client 0.123 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the com.facebook.presto:presto-client package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Server-side Request Forgery (SSRF) com.facebook.presto:presto-client is a Presto Client Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the `nextUri` parameter in the `advance` function. Presto JDBC can be affected by this vulnerability when connecting a remote Presto server. An attacker can view sensitive information from highly sensitive internal servers or perform a local port scan by modifying the `nextUri` parameter to an internal server in response content that the client will request next. How to fix Server-side Request Forgery (SSRF)? Upgrade `com.facebook.presto:presto-client` to version 0.286 or higher.	[,0.286)
H Server-side Request Forgery (SSRF) com.facebook.presto:presto-client is a Presto Client Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the `StatementClientV1` function. Presto JDBC can be affected by this vulnerability when connecting a remote Presto server. An attacker can view sensitive information from highly sensitive internal servers or perform a local port scan by constructing a redirect response that the client will follow. Mitigation: This vulnerability can be mitigated by disabling the redirect or adding a JDBC parameter such as allowRedirect. How to fix Server-side Request Forgery (SSRF)? Upgrade `com.facebook.presto:presto-client` to version 0.286 or higher.	[,0.286)

Vulnerability

Vulnerable Version

Server-side Request Forgery (SSRF)

com.facebook.presto:presto-client is a Presto Client

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the nextUri parameter in the advance function. Presto JDBC can be affected by this vulnerability when connecting a remote Presto server. An attacker can view sensitive information from highly sensitive internal servers or perform a local port scan by modifying the nextUri parameter to an internal server in response content that the client will request next.

How to fix Server-side Request Forgery (SSRF)?

Upgrade com.facebook.presto:presto-client to version 0.286 or higher.

[,0.286)

Server-side Request Forgery (SSRF)

com.facebook.presto:presto-client is a Presto Client

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the StatementClientV1 function. Presto JDBC can be affected by this vulnerability when connecting a remote Presto server. An attacker can view sensitive information from highly sensitive internal servers or perform a local port scan by constructing a redirect response that the client will follow.

Mitigation:

This vulnerability can be mitigated by disabling the redirect or adding a JDBC parameter such as allowRedirect.

How to fix Server-side Request Forgery (SSRF)?

Upgrade com.facebook.presto:presto-client to version 0.286 or higher.

[,0.286)

com.facebook.presto:presto-client@0.123 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

How to fix?