julien040/anyquery CVE Request

 

✅ CVE Request 1: Path Traversal in read_csv Module

  • Title: Path Traversal Vulnerability in read_csv Module Due to Unvalidated File Path

  • Affected Component: module/read_csv.go, Prepare Method

  • Attack Vector: Malicious SQL query, such as SELECT * FROM read_csv('/etc/passwd' AS path).

  • Description: The read_csv table function accepts a file path parameter directly from SQL queries. This path is used without proper validation to access local file system resources, allowing attackers to escape the intended directory and read arbitrary files.

  • Vulnerability Type: Path Traversal (CWE-22)

  • Impact: Attackers can read any file accessible by the anyquery process. This may lead to the leakage of sensitive data, including system configuration files, source code, and credentials stored in the anyquery.db database.

  • Suggested Fix: Sanitize the input using filepath.Clean and resolve it to an absolute path. Before accessing the file, ensure the resolved path is within an allowed base directory (sandbox/jail).

✅ CVE Request 2: Path Traversal in read_json Module

  • Title: Path Traversal Vulnerability in read_json Module Due to Unvalidated File Path

  • Affected Component: module/read_json.go, Prepare Method

  • Attack Vector: Malicious SQL query, such as SELECT * FROM read_json('/etc/passwd' AS path).

  • Description: The read_json table function uses file paths provided directly by SQL queries without validation, allowing path traversal to read arbitrary files on the server.

  • Vulnerability Type: Path Traversal (CWE-22)

  • Impact: Attackers may read any file the anyquery process has access to, potentially exposing sensitive files and secrets.

  • Suggested Fix: Use filepath.Clean and convert the path to an absolute path. Check that it resides within a trusted base directory before file access.

✅ CVE Request 3: Path Traversal in read_parquet Module

  • Title: Path Traversal Vulnerability in read_parquet Module Due to Unvalidated File Path

  • Affected Component: module/read_parquet.go, Prepare Method

  • Attack Vector: Malicious SQL query, such as SELECT * FROM read_parquet('../../../../../etc/shadow' AS path).

  • Description: The read_parquet table function uses file paths from user input without checking for traversal, which can lead to unauthorized file reads.

  • Vulnerability Type: Path Traversal (CWE-22)

  • Impact: Any file accessible to anyquery could be exposed, including highly sensitive system and application data.

  • Suggested Fix: Normalize the input path using filepath.Clean, resolve it absolutely, and enforce that it stays within a defined base path.

✅ CVE Request 4: Path Traversal in read_yaml Module

  • Title: Path Traversal Vulnerability in read_yaml Module Due to Unvalidated File Path

  • Affected Component: module/read_yaml.go, Prepare Method

  • Attack Vector: Malicious SQL query, such as SELECT * FROM read_yaml('~/.ssh/id_rsa' AS path).

  • Description: The read_yaml function allows direct file path input and does not verify the path, enabling attackers to read arbitrary files.

  • Vulnerability Type: Path Traversal (CWE-22)

  • Impact: This flaw can be used to access private keys, configurations, or any other sensitive files readable by the process.

  • Suggested Fix: Sanitize with filepath.Clean, resolve as an absolute path, and restrict access to a safe directory scope.

✅ CVE Request 5: Path Traversal in read_toml Module

  • Title: Path Traversal Vulnerability in read_toml Module Due to Unvalidated File Path

  • Affected Component: module/read_toml.go, Prepare Method

  • Attack Vector: Malicious SQL query, such as SELECT * FROM read_toml('/var/log/syslog' AS path).

  • Description: The read_toml function trusts user input for file paths without validation, leading to possible file disclosure.

  • Vulnerability Type: Path Traversal (CWE-22)

  • Impact: Attackers can access log files or other important files that should not be available through SQL queries.

  • Suggested Fix: Clean the path with filepath.Clean, resolve it to an absolute path, and verify it is within a trusted directory.

✅ CVE Request 6: Path Traversal in read_log Module

  • Title: Path Traversal Vulnerability in read_log Module Due to Unvalidated File Path

  • Affected Component: module/read_log.go, Prepare Method

  • Attack Vector: Malicious SQL query, such as SELECT * FROM read_log('/proc/self/environ' AS path).

  • Description: The read_log function reads files based on user-supplied paths without validation, allowing attackers to view arbitrary server files.

  • Vulnerability Type: Path Traversal (CWE-22)

  • Impact: May expose environment variables or other confidential runtime information, increasing the risk of further attacks.

  • Suggested Fix: Normalize the file path input using filepath.Clean, ensure it’s absolute, and restrict access to a specific directory subtree.

Let me know if you’d like a batch CVE submission format (like in JSON, MITRE form, or GitHub Security Advisory template).

posted @ 2025-06-17 20:41  Aibot  阅读(24)  评论(0)    收藏  举报