Known vulnerabilities in the org.apache.kyuubi:kyuubi-server_2.12 package. This does not include vulnerabilities belonging to this package’s dependencies.

| Vulnerability | Vulnerable Version |
|---|---|
| Affected versions of this package are vulnerable to Directory Traversal through Kyuubi frontend protocols. By accessing local files outside the configured `kyuubi.session.local.dir.allow.list`, an attacker can obtain server credentials, including keytabs, and impersonate other users. Version 1.10.3 adds the strong recommendation that the allowlist exclude sensitive values from the local directory, and version 1.11.0 adds enforcement of the limitation to read from local paths only. How to fix Directory Traversal? Upgrade | [1.6.0,1.11.0) |