Bug 2178722 (CVE-2023-1419) - CVE-2023-1419 debezium: script injection via connector parameter Key Information: Bug ID: 2178722 CVE ID: CVE-2023-1419 Title: debezium: script injection via connector parameter Reported: 2023-03-15 16:17 UTC by Chess Hazlett Modified: 2024-07-11 21:17 UTC Status: NEW Product: Security Response Component: vulnerability Version: unspecified Hardware: All OS: Linux Priority: medium Severity: medium Doc Type: If docs needed, set a value Doc Text: A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data. Fixed In Version: debezium 2.3.0.Alpha1 Target Milestone: --- Assignee: Nobody QA Contact: URL: Whiteboard: Depends On: 2169496 Blocks: depends on / blocked Description: It was found that Debezium database connector does not properly sanitize some parameters. An attacker could send a malicious request to inject a parameter that would possibly allow viewing of unauthorized data.