Note:
This project will be discontinued after December 13, 2021. [more]
2019-08-15
ClickHouse MySQL client before versions 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled that allowed a malicious MySQL database read arbitrary files from the connected ClickHouse server.
Products | Clickhouse |
Type | Information Exposure (CWE-200) |
First patch | - None (likely due to unavailable code) |
Links | https://clickhouse.yandex/docs/en/security_changelog/ |