Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug][Sort] Fix MySQL node JDBC for RCE vulnerability #5889

Closed
2 tasks done
EMsnap opened this issue Sep 14, 2022 · 0 comments · Fixed by #5896
Closed
2 tasks done

[Bug][Sort] Fix MySQL node JDBC for RCE vulnerability #5889

EMsnap opened this issue Sep 14, 2022 · 0 comments · Fixed by #5896
Assignees
@EMsnap
Labels
component/sort type/bug Something is wrong
Milestone
1.4.0

Comments

@EMsnap
Copy link
Contributor

EMsnap commented Sep 14, 2022
edited

What happened

JDBC URL of MySQL was vulnerable to security attacks.

See https://su18.org/post/jdbc-connection-url-attack,

or https://pyn3rd.github.io/2022/06/06/Make-JDBC-Attacks-Brillian-Again-I.

What you expected to happen

check jdbc url

How to reproduce

See https://su18.org/post/jdbc-connection-url-attack,

or https://pyn3rd.github.io/2022/06/06/Make-JDBC-Attacks-Brillian-Again-I.

Environment

No response

InLong version

master

InLong Component

InLong Sort

Are you willing to submit PR?

  • Yes, I am willing to submit a PR!

Code of Conduct
@EMsnap EMsnap added the type/bug Something is wrong label Sep 14, 2022
@EMsnap EMsnap mentioned this issue Sep 14, 2022
Closed
@healchow healchow changed the title [Bug] fix mysql load node jdbc for RCE Vulnerability [Bug][Sort] Fix MySQL load node JDBC for RCE vulnerability Sep 14, 2022
@healchow healchow added this to the 1.4.0 milestone Sep 14, 2022
@healchow healchow changed the title [Bug][Sort] Fix MySQL load node JDBC for RCE vulnerability [Bug][Sort] Fix MySQL node JDBC for RCE vulnerability Sep 14, 2022
@EMsnap EMsnap mentioned this issue Sep 14, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@EMsnap EMsnap

Labels
component/sort type/bug Something is wrong
Projects
None yet
Milestone
1.4.0
2 participants
@EMsnap @healchow