You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues-all@impala.apache.org by "Donghui Xu (JIRA)" <ji...@apache.org> on 2018/11/16 02:16:00 UTC

[jira] [Created] (IMPALA-7859) Nessus Scan find CGI Generic SQL Injection.

Donghui Xu created IMPALA-7859:
----------------------------------

             Summary: Nessus Scan find CGI Generic SQL Injection.
                 Key: IMPALA-7859
                 URL: https://issues.apache.org/jira/browse/IMPALA-7859
             Project: IMPALA
          Issue Type: Bug
          Components: Backend
    Affects Versions: Impala 2.10.0
            Reporter: Donghui Xu


The nessus scan report shows that the 25000 port and the 25020 port contain the risk of SQL injection, as follows:
+ The following resources may be vulnerable to blind SQL injection :
+ The 'object_type' parameter of the /catalog_object CGI :
/catalog_object?object_name=_impala_builtins&object_type=DATABASEzz_impa
la_builtins&object_type=DATABASEyy

How can I solve this problem? Thanks.




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org