Enviar #719061: milvus-io milvus latest Not Safe Remote Expression Executioninformación

Títulomilvus-io milvus latest Not Safe Remote Expression Execution
DescripciónMilvus exposes an internal HTTP endpoint /expr that compiles and executes user-provided expressions (code parameter). This creates a Remote Expression Execution (REE) attack surface. If the endpoint is reachable by an attacker, or if its auth secret is guessable/leaked, an attacker may execute arbitrary expression logic and potentially abuse objects exposed in the expression environment (e.g., paramtable.Get()), leading to information disclosure, configuration manipulation, or DoS.
Fuente⚠️ https://github.com/milvus-io/milvus/issues/46442
Usuario
 0x1f (UID 89432)
Sumisión2025-12-18 15:39 (hace 4 meses)
Moderación2026-01-04 09:53 (17 days later)
EstadoAceptado
Entrada de VulDB339486 [milvus hasta 2.6.7 HTTP Endpoint pkg/util/expr/expr.go expr.Exec code escalada de privilegios]
Puntos20

AnteriorVisión De ConjuntoPróximo

Do you need the next level of professionalism?

Upgrade your account now!