{}

{}

{}

{"acknowledgement": "Red Hat would like to thank lufei for reporting this issue.", "bugzilla": {"description": "debezium: script injection via connector parameter", "id": "2178722", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178722"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-233", "details": ["A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data."], "name": "CVE-2023-1419", "package_state": [{"cpe": "cpe:/a:redhat:debezium:2", "fix_state": "Not affected", "package_name": "mysql-connector-java", "product_name": "Red Hat build of Debezium"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Out of support scope", "package_name": "mysql-connector-java", "product_name": "Red Hat Integration Change Data Capture"}], "public_date": "2024-06-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-1419\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-1419"], "threat_severity": "Moderate", "upstream_fix": "debezium 2.3.0.Alpha1"}