First published: Thu Feb 09 2023
External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: versions lower than 2.2.0.0.
Credit: security@yugabyte.com
Affected Software | Affected Version | How to fix |
---|---|---|
YugabyteDB Enterprise | <2.2.0.0 | |
iPhone OS | | |
macOS | | |
Linux Kernel | | |
Microsoft Windows Operating System | | |
Use Yugabyte version 2.3.3.0-b106 or higher.
The vulnerability ID is CVE-2023-0575.
The severity of CVE-2023-0575 is critical.
Yugabyte DB up to version 2.2.0.0 is affected by CVE-2023-0575.
The vulnerability can be exploited through external control of critical state data, allowing code injection, which could lead to API manipulation and privilege abuse.
No, Apple iPhone OS, Apple macOS, Linux kernel, and Microsoft Windows are not vulnerable to CVE-2023-0575.
More information about CVE-2023-0575 can be found at https://www.yugabyte.com/.