MEDIUM5.3
ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function.
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:NCVSS 3.xMEDIUM 5.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NReferences
- https://github.com/ClickHouse/ClickHouse/blob/master/CHANGELOG.md
- https://github.com/ClickHouse/ClickHouse/pull/6466
- https://github.com/ClickHouse/ClickHouse/pull/7526/files
- https://github.com/ClickHouse/ClickHouse/blob/master/CHANGELOG.md
- https://github.com/ClickHouse/ClickHouse/pull/6466
- https://github.com/ClickHouse/ClickHouse/pull/7526/files