Note:
This project will be discontinued after December 13, 2021. [more]
2019-08-15
In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability.
Products | Clickhouse |
Type | Improper Input Validation (CWE-20) |
First patch | - None (likely due to unavailable code) |
Links | https://clickhouse.yandex/docs/en/security_changelog/ |