OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| com.orientechnologies:orientdb-core(Maven) | 0 | 2.2.23 | N/A |
CVSS Metrics
