You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues-all@impala.apache.org by "Donghui Xu (JIRA)" <ji...@apache.org> on 2018/11/16 02:16:00 UTC
[jira] [Created] (IMPALA-7859) Nessus Scan find CGI Generic SQL
Injection.
Donghui Xu created IMPALA-7859:
----------------------------------
Summary: Nessus Scan find CGI Generic SQL Injection.
Key: IMPALA-7859
URL: https://issues.apache.org/jira/browse/IMPALA-7859
Project: IMPALA
Issue Type: Bug
Components: Backend
Affects Versions: Impala 2.10.0
Reporter: Donghui Xu
The nessus scan report shows that the 25000 port and the 25020 port contain the risk of SQL injection, as follows:
+ The following resources may be vulnerable to blind SQL injection :
+ The 'object_type' parameter of the /catalog_object CGI :
/catalog_object?object_name=_impala_builtins&object_type=DATABASEzz_impa
la_builtins&object_type=DATABASEyy
How can I solve this problem? Thanks.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org