Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Network REST API with low-complexity injection and high confidentiality/integrity impact; PR:L chosen because identifier submission normally requires authenticated API access, no availability impact.
Primary rating from Vendor (CNA).
CVSS VectorVendor
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
6Description PRE-NVD
Articles & Coverage 1
AnalysisAI
Improper URL encoding in Apache Gravitino versions 1.0.0 through 1.2.0 lets remote attackers inject crafted path segments through unencoded, user-supplied metadata identifiers, redirecting or manipulating the internal HTTP requests Gravitino issues on the user's behalf. Because the CVSS vector (AV:N/PR:N) indicates no authentication and yields a 9.1 Critical score with high confidentiality and integrity impact, an attacker can potentially reach unintended endpoints, tamper with metadata operations, or exfiltrate data from back-end catalog services. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the ability to send a request to Apache Gravitino's REST metadata API and to control a user-supplied identifier (metalake, catalog, schema, or table name) that is placed into a URL path - the injection occurs specifically because that identifier is not URL-encoded before being embedded in a request. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals are strong but not fully corroborated. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with reach to the Gravitino REST API submits a metadata operation whose object identifier contains crafted, unencoded path characters (for example a name embedding '../' or an alternate route), causing Gravitino to build and send an HTTP request to an unintended endpoint or back-end catalog service. Leveraging the low attack complexity, they use this to read metadata they should not access or manipulate catalog state, undermining confidentiality and integrity. … |
| Remediation | Vendor-released patch: version 1.2.1 - upgrade all Gravitino deployments to 1.2.1 or later, which the ASF advisory states fixes the issue. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, conduct an inventory to identify all Gravitino deployments running versions 1.0.0 through 1.2.0 and determine criticality and network exposure. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43324