| tiêu đề | DTStack Taier 1.4.0 Code Injection |
|---|
| Mô tả | DTStack Taier is a widely used open-source big data scheduling and development platform that allows users to submit custom SQL tasks/jobs via its REST API. A critical stored command injection vulnerability exists in the platform’s core task execution logic: user-controlled sqlText input is persistently stored in the MySQL database without any sanitization/validation, and later directly concatenated into a shell command executed by Runtime.exec(String) with the sh -c prefix.
This creates a persistent (stored) RCE chain: malicious OS commands injected into the sqlText parameter are saved to the database, and automatically executed by the Taier server when the scheduled/triggered SQL task runs. The vulnerability bypasses all input filtering and uses the server’s native shell interpreter to execute arbitrary operating system commands with the privileges of the Taier application process. |
|---|
| Nguồn | ⚠️ https://github.com/fakebug111/my_public_bug/blob/main/issus02.md |
|---|
| Người dùng | fakebug (UID 94486) |
|---|
| Đệ trình | 27/04/2026 08:43 (cách đây 1 tháng) |
|---|
| Kiểm duyệt | 24/05/2026 09:14 (27 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 365418 [DTStack Taier 1.4.0 REST API Runtime.exec sqlText nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|