Security advisories #

Security advisories are necessary to inform you of the impact of publicly disclosed vulnerabilities, exposures, and other reported security threats. These reports are often available as Common Vulnerability and Exposure (CVE), as entry in the Nation Vulnerability Database or from other sources.

The following sections provide information for various of the reports based on their unique identifiers. Reports not listed typically do not apply. Contact us for further information about any reports.

Reports are sorted alphabetically and aim to cover details for all Starburst products, including Starburst Enterprise platform (SEP) and Starburst Galaxy and included components.

CVE-2021-42392 #

The CVE-2021-42392 report is related to the H2 database system. Trino and Starburst Enterprise embed H2 binaries only in the legacy Raptor connector plugin. The binaries are only loaded when the plugin is used. This is implemented in a catalog file with connector.name=raptor and is typically not the case. The CVE is therefore not applicable. Concerned users can optionally remove the directory plugin/raptor-legacy in their installation.

CVE-2021-44228 #

Information about CVE-2021-44228 is available in our Security advisory for Log4Shell.

CVE-2021-45046 #

Information about CVE-2021-45046 is available in our Security advisory for Log4Shell.

CVE-2021-45105 #

Information about CVE-2021-45105 is available in our Security advisory for Log4Shell.