{"id":"CVE-2019-18657","details":"ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function.","modified":"2026-04-11T20:53:16.494472Z","published":"2019-10-31T19:15:12.687Z","references":[{"type":"ADVISORY","url":"https://github.com/ClickHouse/ClickHouse/blob/master/CHANGELOG.md"},{"type":"ADVISORY","url":"https://github.com/ClickHouse/ClickHouse/pull/6466"},{"type":"FIX","url":"https://github.com/ClickHouse/ClickHouse/pull/7526/files"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/clickhouse/clickhouse","events":[{"introduced":"0"},{"fixed":"693b26b64881f69b3fade226d435daa17657f5f4"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"19.13.5.44"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*"}}],"versions":["53973","53974","53975","53976","53977","53978","53979","53980","53981","53982","53983","53984","53985","53986","53987","53988","53989","53990","53991","53992","53993","53994","53995","53996","53997","53999","54000","54001","54002","54003","54004","54005","54006","54007","54008","54009","54010","54011","v1.1.1-testing","v1.1.3-testing","v1.1.54011-stable","v1.1.54011-testing","v1.1.54012-testing","v1.1.54015-testing","v1.1.54016-testing","v1.1.54017-testing","v1.1.54018-testing","v1.1.54019-stable","v1.1.54019-testing","v1.1.54020-stable","v1.1.54020-testing","v1.1.54021-testing","v1.1.54022-stable","v1.1.54022-testing","v1.1.54025-testing","v1.1.54026-testing","v1.1.54027-testing","v1.1.54028-testing","v1.1.54029-testing","v1.1.54030-stable","v1.1.54030-testing","v1.1.54031-testing","v1.1.54033-testing","v1.1.54034-testing","v1.1.54035-testing","v1.1.54036-testing","v1.1.54037-testing","v1.1.54038-testing","v1.1.54039-testing","v1.1.54040-testing","v1.1.54041-testing","v1.1.54042-testing","v1.1.54043-testing","v1.1.54044-testing","v1.1.54045-testing","v1.1.54047-testing","v1.1.54048-testing","v1.1.54049-testing","v1.1.54050-testing","v1.1.54051-testing","v1.1.54052-testing","v1.1.54053-testing","v1.1.54054-testing","v1.1.54055-testing","v1.1.54056-testing","v1.1.54057-testing","v1.1.54060-testing","v1.1.54064-testing","v1.1.54068-testing","v1.1.54069-testing","v1.1.54070-testing","v1.1.54072-testing","v1.1.54073-testing","v1.1.54074-stable","v1.1.54074-testing","v1.1.54076-testing","v1.1.54077-testing","v1.1.54078-testing","v1.1.54079-testing","v1.1.54080-stable","v1.1.54080-testing","v1.1.54083-stable","v1.1.54083-testing","v1.1.54092-testing","v1.1.54093-testing","v1.1.54095-testing","v1.1.54096-testing","v1.1.54097-testing","v1.1.54098-testing","v1.1.54099-testing","v1.1.54100-testing","v1.1.54101-testing","v1.1.54102-testing","v1.1.54103-testing","v1.1.54104-testing","v1.1.54105-testing","v1.1.54106-testing","v1.1.54107-testing","v1.1.54108-testing","v1.1.54109-testing","v1.1.54110-testing","v1.1.54111-testing","v1.1.54112-stable","v1.1.54112-testing","v1.1.54113-testing","v1.1.54115-testing","v1.1.54197-testing","v1.1.54199-testing","v1.1.54200-testing","v1.1.54201-testing","v1.1.54202-testing","v1.1.54203-testing","v1.1.54204-testing","v1.1.54207-testing","v1.1.54209-testing","v1.1.54210-testing","v1.1.54211-testing","v1.1.54212-testing","v1.1.54223-testing","v1.1.54225-testing","v1.1.54226-testing","v1.1.54227-testing","v1.1.54228-testing","v1.1.54229-testing","v1.1.54230-testing","v1.1.54232-testing","v1.1.54233-testing","v1.1.54236-stable","v1.1.54236-testing","v1.1.54238-testing","v1.1.54240-testing","v1.1.54241-testing","v1.1.54242-stable","v1.1.54242-testing","v1.1.54243-testing","v1.1.54246-testing","v1.1.54247-testing","v1.1.54248-testing","v1.1.54251-testing","v1.1.54252-testing","v1.1.54253-testing","v1.1.54259-testing","v1.1.54260-testing","v1.1.54262-testing","v1.1.54263-testing","v1.1.54265-testing","v1.1.54267-testing","v1.1.54268-testing","v1.1.54269-testing","v1.1.54271-testing","v1.1.54273-testing","v1.1.54274-testing","v1.1.54278-testing","v1.1.54279-testing","v1.1.54280-testing","v1.1.54286-testing","v1.1.54292-stable","v1.1.54292-testing","v1.1.54297-testing","v1.1.54300-testing","v1.1.54307-testing","v1.1.54308-testing","v1.1.54310-stable","v1.1.54310-testing","v1.1.54312-testing","v1.1.54322-testing","v1.1.54323-testing","v1.1.54324-testing","v1.1.54325-testing","v1.1.54326-testing","v1.1.54329-testing","v1.1.54330-testing","v1.1.54331-testing","v1.1.54332-testing","v1.1.54333-testing","v1.1.54334-testing","v1.1.54335-stable","v1.1.54335-testing","v1.1.54336-stable","v1.1.54336-testing","v1.1.54337-stable","v1.1.54337-testing","v1.1.54338-testing","v1.1.54339-testing","v1.1.54340-testing","v1.1.54341-testing","v1.1.54342-stable","v1.1.54342-testing","v1.1.54343-stable","v1.1.54343-testing","v1.1.54344-testing","v1.1.54345-testing","v1.1.54346-testing","v1.1.54347-testing","v1.1.54348-testing","v1.1.54349-testing","v1.1.54350-testing","v1.1.54353-testing","v1.1.54354-testing","v1.1.54355-testing","v1.1.54356-testing","v1.1.54358-stable","v1.1.54358-testing","v1.1.54362-stable","v1.1.54362-testing","v1.1.54363-testing","v1.1.54364-testing","v1.1.54365-testing","v1.1.54366-testing","v1.1.54369-testing","v1.1.54370-stable","v1.1.54370-testing","v1.1.54371-testing","v1.1.54373-testing","v1.1.54376-testing","v1.1.54377-testing","v1.1.54378-stable","v1.1.54378-testing","v1.1.54380-stable","v1.1.54380-testing","v1.1.54386-testing","v1.1.54387-testing","v1.1.54388-stable","v1.1.54388-testing","v1.1.54390-stable","v1.1.54390-testing","v1.1.54391-testing","v1.1.54393-testing","v1.1.54394-stable","v1.1.54394-testing","v1.1.54396-testing","v1.1.54397-testing","v1.1.54398-testing","v18.1.0-stable","v18.1.0-testing","v18.10.0-testing","v18.10.2-testing","v18.10.3-stable","v18.10.3-testing","v18.12.0-testing","v18.12.1-testing","v18.12.12-testing","v18.12.15-testing","v18.12.17-stable","v18.12.17-testing","v18.12.2-testing","v18.12.3-testing","v18.12.5-testing","v18.12.7-testing","v18.14.0-testing","v18.14.1-testing","v18.14.2-testing","v18.14.4-testing","v18.14.5-testing","v18.14.6-testing","v18.14.7-testing","v18.14.8-stable","v18.14.8-testing","v18.14.9-stable","v18.14.9-testing","v18.15.0-testing","v18.2.0-testing","v18.4.0-stable","v18.4.0-testing","v18.5.0-testing","v18.6.0-stable","v18.6.0-testing","v18.7.0-testing","v18.8.0-testing","v18.9.0-testing","v19.1.2-testing","v19.1.3-testing","v19.1.4-testing","v19.1.5-stable","v19.1.5-testing","v19.1.6-stable","v19.1.6-testing","v19.10.1.654-testing","v19.10.1.658-testing","v19.10.1.665-testing","v19.10.1.669-testing","v19.10.1.681-testing","v19.10.1.685-testing","v19.10.1.687-testing","v19.10.1.696-testing","v19.10.1.698-testing","v19.10.1.705-testing","v19.10.1.706-testing","v19.11.0-testing","v19.11.0.709-testing","v19.11.0.723-testing","v19.11.0.724-testing","v19.11.0.726-testing","v19.11.0.736-testing","v19.11.0.762-testing","v19.11.0.764-testing","v19.11.0.779-testing","v19.11.0.780-testing","v19.11.0.784-testing","v19.11.0.787-testing","v19.11.0.789-testing","v19.11.0.797-testing","v19.11.0.803-testing","v19.11.0.808-testing","v19.11.0.812-testing","v19.11.0.817-testing","v19.11.0.827-testing","v19.11.0.830-prestable","v19.12.1.844-testing","v19.12.1.845-testing","v19.12.1.852-testing","v19.12.1.862-testing","v19.12.1.867-testing","v19.12.1.871-testing","v19.12.1.875-testing","v19.12.2.2-prestable","v19.13.3.26-stable","v19.13.4.32-stable","v19.2.0-testing","v19.3.1-testing","v19.3.2-testing","v19.3.3-stable","v19.3.3-testing","v19.3.4-stable","v19.3.4-testing","v19.4.0.49-stable","v19.4.0.49-testing","v19.5.1.246-testing","v19.6.1.357-testing","v19.7.1.403-testing","v19.8.1.562-testing","v19.9.1.585-testing","v19.9.1.586-testing","v19.9.1.587-testing","v19.9.1.589-testing","v19.9.1.591-testing","v19.9.1.592-testing","v19.9.1.594-testing","v19.9.1.600-testing","v19.9.1.604-testing","v19.9.1.616-testing","v19.9.1.617-testing","v19.9.1.620-testing","v19.9.1.622-testing","v19.9.1.623-testing","v19.9.1.628-testing","v19.9.1.630-testing","v19.9.1.632-testing","v19.9.1.633-testing","v19.9.1.644-testing"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-18657.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}