{"id":"CVE-2018-14672","details":"In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages.","modified":"2026-04-11T18:43:36.598628Z","published":"2019-08-15T18:15:13.930Z","references":[{"type":"ADVISORY","url":"https://clickhouse.yandex/docs/en/security_changelog/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/clickhouse/clickhouse","events":[{"introduced":"0"},{"fixed":"5772699e9c461d1c5f9f0a6f6f24cd29d3035e17"}],"database_specific":{"cpe":"cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"18.12.13"}],"source":"CPE_FIELD"}}],"versions":["53973","53974","53975","53976","53977","53978","53979","53980","53981","53982","53983","53984","53985","53986","53987","53988","53989","53990","53991","53992","53993","53994","53995","53996","53997","53999","54000","54001","54002","54003","54004","54005","54006","54007","54008","54009","54010","54011","v1.1.1-testing","v1.1.3-testing","v1.1.54011-stable","v1.1.54011-testing","v1.1.54012-testing","v1.1.54015-testing","v1.1.54016-testing","v1.1.54017-testing","v1.1.54018-testing","v1.1.54019-stable","v1.1.54019-testing","v1.1.54020-stable","v1.1.54020-testing","v1.1.54021-testing","v1.1.54022-stable","v1.1.54022-testing","v1.1.54025-testing","v1.1.54026-testing","v1.1.54027-testing","v1.1.54028-testing","v1.1.54029-testing","v1.1.54030-stable","v1.1.54030-testing","v1.1.54031-testing","v1.1.54033-testing","v1.1.54034-testing","v1.1.54035-testing","v1.1.54036-testing","v1.1.54037-testing","v1.1.54038-testing","v1.1.54039-testing","v1.1.54040-testing","v1.1.54041-testing","v1.1.54042-testing","v1.1.54043-testing","v1.1.54044-testing","v1.1.54045-testing","v1.1.54047-testing","v1.1.54048-testing","v1.1.54049-testing","v1.1.54050-testing","v1.1.54051-testing","v1.1.54052-testing","v1.1.54053-testing","v1.1.54054-testing","v1.1.54055-testing","v1.1.54056-testing","v1.1.54057-testing","v1.1.54060-testing","v1.1.54064-testing","v1.1.54068-testing","v1.1.54069-testing","v1.1.54070-testing","v1.1.54072-testing","v1.1.54073-testing","v1.1.54074-stable","v1.1.54074-testing","v1.1.54076-testing","v1.1.54077-testing","v1.1.54078-testing","v1.1.54079-testing","v1.1.54080-stable","v1.1.54080-testing","v1.1.54083-stable","v1.1.54083-testing","v1.1.54092-testing","v1.1.54093-testing","v1.1.54095-testing","v1.1.54096-testing","v1.1.54097-testing","v1.1.54098-testing","v1.1.54099-testing","v1.1.54100-testing","v1.1.54101-testing","v1.1.54102-testing","v1.1.54103-testing","v1.1.54104-testing","v1.1.54105-testing","v1.1.54106-testing","v1.1.54107-testing","v1.1.54108-testing","v1.1.54109-testing","v1.1.54110-testing","v1.1.54111-testing","v1.1.54112-stable","v1.1.54112-testing","v1.1.54113-testing","v1.1.54115-testing","v1.1.54197-testing","v1.1.54199-testing","v1.1.54200-testing","v1.1.54201-testing","v1.1.54202-testing","v1.1.54203-testing","v1.1.54204-testing","v1.1.54207-testing","v1.1.54209-testing","v1.1.54210-testing","v1.1.54211-testing","v1.1.54212-testing","v1.1.54223-testing","v1.1.54225-testing","v1.1.54226-testing","v1.1.54227-testing","v1.1.54228-testing","v1.1.54229-testing","v1.1.54230-testing","v1.1.54232-testing","v1.1.54233-testing","v1.1.54236-stable","v1.1.54236-testing","v1.1.54238-testing","v1.1.54240-testing","v1.1.54241-testing","v1.1.54242-stable","v1.1.54242-testing","v1.1.54243-testing","v1.1.54246-testing","v1.1.54247-testing","v1.1.54248-testing","v1.1.54251-testing","v1.1.54252-testing","v1.1.54253-testing","v1.1.54259-testing","v1.1.54260-testing","v1.1.54262-testing","v1.1.54263-testing","v1.1.54265-testing","v1.1.54267-testing","v1.1.54268-testing","v1.1.54269-testing","v1.1.54271-testing","v1.1.54273-testing","v1.1.54274-testing","v1.1.54278-testing","v1.1.54279-testing","v1.1.54280-testing","v1.1.54286-testing","v1.1.54292-stable","v1.1.54292-testing","v1.1.54297-testing","v1.1.54300-testing","v1.1.54307-testing","v1.1.54308-testing","v1.1.54310-stable","v1.1.54310-testing","v1.1.54312-testing","v1.1.54322-testing","v1.1.54323-testing","v1.1.54324-testing","v1.1.54325-testing","v1.1.54326-testing","v1.1.54329-testing","v1.1.54330-testing","v1.1.54331-testing","v1.1.54332-testing","v1.1.54333-testing","v1.1.54334-testing","v1.1.54335-stable","v1.1.54335-testing","v1.1.54336-stable","v1.1.54336-testing","v1.1.54337-stable","v1.1.54337-testing","v1.1.54338-testing","v1.1.54339-testing","v1.1.54340-testing","v1.1.54341-testing","v1.1.54342-stable","v1.1.54342-testing","v1.1.54343-stable","v1.1.54343-testing","v1.1.54344-testing","v1.1.54345-testing","v1.1.54346-testing","v1.1.54347-testing","v1.1.54348-testing","v1.1.54349-testing","v1.1.54350-testing","v1.1.54353-testing","v1.1.54354-testing","v1.1.54355-testing","v1.1.54356-testing","v1.1.54358-stable","v1.1.54358-testing","v1.1.54362-stable","v1.1.54362-testing","v1.1.54363-testing","v1.1.54364-testing","v1.1.54365-testing","v1.1.54366-testing","v1.1.54369-testing","v1.1.54370-stable","v1.1.54370-testing","v1.1.54371-testing","v1.1.54373-testing","v1.1.54376-testing","v1.1.54377-testing","v1.1.54378-stable","v1.1.54378-testing","v1.1.54380-stable","v1.1.54380-testing","v1.1.54386-testing","v1.1.54387-testing","v1.1.54388-stable","v1.1.54388-testing","v1.1.54390-stable","v1.1.54390-testing","v1.1.54391-testing","v1.1.54393-testing","v1.1.54394-stable","v1.1.54394-testing","v1.1.54396-testing","v1.1.54397-testing","v1.1.54398-testing","v18.1.0-stable","v18.1.0-testing","v18.10.0-testing","v18.10.2-testing","v18.10.3-stable","v18.10.3-testing","v18.12.0-testing","v18.12.1-testing","v18.12.12-testing","v18.12.2-testing","v18.12.3-testing","v18.12.5-testing","v18.12.7-testing","v18.2.0-testing","v18.4.0-stable","v18.4.0-testing","v18.5.0-testing","v18.6.0-stable","v18.6.0-testing","v18.7.0-testing","v18.8.0-testing","v18.9.0-testing"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-14672.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}