Note:
This project will be discontinued after December 13, 2021. [more]
2019-08-15
In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "default_database" fields which led to Cross Protocol Request Forgery Attacks.
| Products | Clickhouse |
| Type | Cross-Site Request Forgery (CSRF) (CWE-352) |
| First patch | - None (likely due to unavailable code) |
| Links | https://clickhouse.yandex/docs/en/security_changelog/ |