Arbitrary Code Execution Vulnerability in TigerGraph 3.6.0's User-Defined Functions (UDF) Feature

CVE-2022-30331 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query (in the GSQL query language) without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is "GSQL was behaving as expected."
