CVE-2023-1419: Debezium database connector has a script injection vulnerability

November 17, 2024 (updated November 18, 2024)

A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data.

References

access.redhat.com/security/cve/CVE-2023-1419
bugzilla.redhat.com/show_bug.cgi?id=2178722
github.com/advisories/GHSA-hvw5-3mgw-7rcf
github.com/debezium/debezium
github.com/debezium/debezium/commit/58ef4f0b98428cc795c2844eaa6e1762e8248227
nvd.nist.gov/vuln/detail/CVE-2023-1419

Code Behaviors & Features

Detect and mitigate CVE-2023-1419 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →