2019-08-15 17:54:05
yandex
PUBLISHED
In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages.