{
  "variant_id": "CVE-2026-41042-paimon-jdbc-metastore-bypass",
  "created_at": "2026-07-09T13:18:00Z",
  "variant_summary": "Bypass of the CVE-2026-41042 fix: the same H2 INIT/CREATE ALIAS RCE is reachable on the fixed Gravitino 1.2.1 via the lakehouse-paimon catalog provider with catalog-backend=jdbc. Paimon opens the JDBC connection through its own JdbcCatalog (DriverManager.getConnection(uri)) and never calls the patched DataSourceUtils.createDataSource(), so the H2 URL/driver block is not evaluated. H2 driver is reachable because IsolatedClassLoader delegates org.h2.* to the server classloader (libs/h2-1.4.200.jar). Unauthenticated testConnection API, default config.",
  "relation": "newer_version_sibling",
  "origin_kind": "pruva_variant",
  "repository": "https://github.com/apache/gravitino",
  "submitted_target": {
    "target_kind": "release",
    "commit_sha": "1c1665f05e24f69833bcedfb0e6dc6b477f95dc4",
    "version": "1.2.0",
    "ref": "v1.2.0",
    "display": "Apache Gravitino 1.2.0 (vulnerable, build 1c1665f05e24f69833bcedfb0e6dc6b477f95dc4)"
  },
  "variant_target": {
    "target_kind": "release",
    "commit_sha": "e88bffcfc31b7a656c960245b63b1e4c4901b8ee",
    "version": "1.2.1",
    "ref": "v1.2.1",
    "display": "Apache Gravitino 1.2.1 (fixed, contains H2 block in DataSourceUtils; bypassed via lakehouse-paimon, build e88bffcfc31b7a656c960245b63b1e4c4901b8ee)"
  },
  "same_root_cause_confidence": "high",
  "same_surface_confidence": "high",
  "claimed_surface": "POST /api/metalakes/{metalake}/catalogs/testConnection (unauthenticated, SimpleAuthenticator + authorization disabled by default) -> H2 INIT/CREATE ALIAS RCE via attacker-controlled JDBC URL",
  "validated_surface": "POST /api/metalakes/{metalake}/catalogs/testConnection with provider=lakehouse-paimon, catalog-backend=jdbc, uri=jdbc:h2:mem:<rand>;INIT=CREATE ALIAS ... ProcessBuilder ...;CALL EXEC(), jdbc-driver=org.h2.Driver (unauthenticated) -> H2 INIT/CREATE ALIAS RCE on the FIXED 1.2.1 server",
  "required_entrypoint_kind": "endpoint",
  "required_entrypoint_detail": "POST /api/metalakes/{metalake}/catalogs/testConnection (also reachable via catalog creation POST /api/metalakes/{metalake}/catalogs); provider=lakehouse-paimon, type=RELATIONAL, properties: catalog-backend=jdbc, uri, jdbc-driver, jdbc-user, jdbc-password, warehouse",
  "attacker_controlled_input": "catalog 'uri' property (raw H2 JDBC URL with INIT=CREATE ALIAS ... ProcessBuilder ...) and 'jdbc-driver' property (org.h2.Driver), supplied unauthenticated through the testConnection REST API",
  "trigger_path": "POST /api/metalakes/{ml}/catalogs/testConnection -> CatalogManager.testConnection -> BaseCatalog.ops() -> PaimonCatalogOperations.initialize -> PaimonCatalogOps.<init> -> CatalogUtils.loadCatalogBackendWithSimpleAuth -> checkPaimonConfig(Class.forName(org.h2.Driver)) -> Paimon CatalogFactory.createCatalog -> JdbcCatalogFactory.create -> JdbcCatalog.<init> -> DriverManager.getConnection(uri) -> H2 INIT -> CREATE ALIAS compiles+executes Java -> ProcessBuilder runs OS command",
  "observed_impact_class": "code_execution",
  "exploitability_confidence": "high",
  "evidence_scope": "production_path",
  "runtime_manifest_present": true,
  "end_to_end_target_reached": true,
  "inferred": false,
  "is_bypass": true,
  "bypass_of_fix_commit": "5daabcd0e8ddc96e25bd6c6ce7b153cdb311c3f2",
  "bypass_of_fix_cherry_pick": "84d3de9c7c436fbdac72b5f7a1163e65e0580fe2",
  "file_path": "catalogs/catalog-lakehouse-paimon/src/main/java/org/apache/gravitino/catalog/lakehouse/paimon/utils/CatalogUtils.java",
  "line_start": 110,
  "line_end": 150,
  "secondary_anchors": [
    {
      "file_path": "catalogs/catalog-lakehouse-paimon/src/main/java/org/apache/gravitino/catalog/lakehouse/paimon/PaimonCatalogOperations.java",
      "line_start": 106,
      "line_end": 162
    },
    {
      "file_path": "catalogs/catalog-lakehouse-paimon/src/main/java/org/apache/gravitino/catalog/lakehouse/paimon/ops/PaimonCatalogOps.java",
      "line_start": 47,
      "line_end": 52
    },
    {
      "file_path": "catalogs/catalog-jdbc-common/src/main/java/org/apache/gravitino/catalog/jdbc/utils/DataSourceUtils.java",
      "line_start": 48,
      "line_end": 58
    },
    {
      "file_path": "core/src/main/java/org/apache/gravitino/utils/IsolatedClassLoader.java",
      "line_start": 227,
      "line_end": 240
    }
  ],
  "review_scope_paths": [
    "catalogs/catalog-lakehouse-paimon/src/main/java/org/apache/gravitino/catalog/lakehouse/paimon/",
    "catalogs/catalog-jdbc-common/src/main/java/org/apache/gravitino/catalog/jdbc/",
    "common/src/main/java/org/apache/gravitino/utils/JdbcUrlUtils.java",
    "core/src/main/java/org/apache/gravitino/utils/IsolatedClassLoader.java"
  ],
  "artifact_refs": {
    "variant_manifest": "bundle/vuln_variant/variant_manifest.json",
    "validation_verdict": "bundle/vuln_variant/validation_verdict.json",
    "runtime_manifest": "bundle/vuln_variant/runtime_manifest.json",
    "repro_log": "bundle/logs/vuln_variant/variant_repro.log",
    "root_cause_equivalence": "bundle/vuln_variant/root_cause_equivalence.json",
    "reproducer": [
      "bundle/vuln_variant/reproduction_steps.sh",
      "bundle/vuln_variant/paimon_variant_test.py"
    ],
    "source_identity": "bundle/vuln_variant/source_identity.json",
    "patch_analysis": "bundle/vuln_variant/patch_analysis.md",
    "rca_report": "bundle/vuln_variant/rca_report.md"
  }
}
