Aggregates CVE and security vulnerability intelligence across all cratedb-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk path handling and vendor risk sql injection and related problems; some flaws may lead to vendor impact file overwrite, affecting vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-37309 | CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of security parameters during an ongoing TLS session. This flaw could lead to excessive consumption of CPU resources, resulting in potential server overload and service disruption. The vulnerability was confirmed using an | [email protected] | 5.3 | 0.25% | 2024-06-13 | 2025-09-04 |
| CVE-2024-24565 | CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY FROM function to import arbitrary file content into database tables, resulting in information leakage. This vulnerability is patched in 5.3.9, 5.4.8, 5.5.4, and 5.6.1. | [email protected] | 5.7 | 86.48% | 2024-01-30 | 2024-11-21 |
| CVE-2023-51982 | CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and_ Local_ In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI directly using the default user identity.(https://github.com/crate/crate/issues/15231) | [email protected] | 9.8 | 0.04% | 2024-01-30 | 2025-05-29 |