[
https://issues.apache.org/jira/browse/IMPALA-7859?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16692304#comment-16692304
]
Jim Apple commented on IMPALA-7859:
-----------------------------------
For security-related issues, please discuss on private@, making sure to CC
anyone who is not a PMC member. I'll be deleting this issue to avoid any leaks.
> Nessus Scan find CGI Generic SQL Injection.
> -------------------------------------------
>
> Key: IMPALA-7859
> URL: https://issues.apache.org/jira/browse/IMPALA-7859
> Project: IMPALA
> Issue Type: Bug
> Reporter: Donghui Xu
> Priority: Major
>
> The nessus scan report shows that the 25000 port and the 25020 port contain
> the risk of SQL injection, as follows:
> + The following resources may be vulnerable to blind SQL injection :
> + The 'object_type' parameter of the /catalog_object CGI :
> /catalog_object?object_name=_impala_builtins&object_type=DATABASEzz_impa
> la_builtins&object_type=DATABASEyy
> How can I solve this problem? Thanks.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
