Improper Handling of Parameters

CVE-2023-1419

Medium

5.9/10

Summary

A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data. This issue affects io.debezium:debezium-connector-mysql versions prior to 2.3.0.Alpha1.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-233 - Improper Handling of Parameters

The software does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.

References

Advisory
Advisory
Issue
Release Note
Pull request

Advisory Timeline

Published Nov 17, 2024

Improper Handling of Parameters

CVE-2023-1419

Summary

CWE-233 - Improper Handling of Parameters

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS