CVE-2024-45198

Published: Apr 3, 2025

Modified: Apr 4, 2025

PUBLISHED

Description

insightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gist.github.com/azraelxuemo/ef11311ae0633cbd3d794f73c64e3877

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-45198

Description

Affected Products

References