Yandex: >> Clickhouse >> 18.5.1 Security Vulnerabilities
In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability.
CVSS Score
9.8
EPSS Score
0.011
Published
2019-08-15
In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages.
CVSS Score
5.3
EPSS Score
0.004
Published
2019-08-15
Page 2