Arbitrary Code Execution Vulnerability in TigerGraph 3.6.0's User-Defined Functions (UDF) Feature
CVE-2022-30331 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query (in the GSQL query language) without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is "GSQL was behaving as expected."