Duckdb · Duckdb · CVE-2024-41672
**Name of the Vulnerable Software and Affected Versions**
DuckDB versions 1.0.0 and prior
**Description**
The issue is in DuckDB's `sniff_csv` function, which can access the filesystem even when `enable_external_access` is set to `false`. This gives an attacker unauthorized access to protected information. There are two vectors to this issue: access to files that should not be allowed, and the ability to read content from files such as `/etc/hosts` and `/proc/self/environ`, which is not the intended use of the `sniff_csv` function.
**Recommendations**
For versions 1.0.0 and prior, consider disabling the local file system using the `disabled_filesystems` setting to mitigate the issue. Specifically, set `disabled_filesystems='LocalFileSystem'` to prevent access to the local file system.
As a temporary workaround, consider disabling the `sniff_csv` function until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability, but a fix is expected to be part of version 1.1.0.
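The `disabled_filesystems` mitigation above, written out as a session-hardening script with a verification step. This is an added example, not code from the advisory or the DuckDB project; the `lock_configuration` step and the use of `/etc/hosts` as the check target are choices made here.

```sql
-- Added example: run at session start, before any untrusted SQL is accepted.

-- Insufficient on its own for DuckDB <= 1.0.0: per the advisory, sniff_csv
-- can still reach the filesystem with this set to false.
SET enable_external_access = false;

-- Mitigation from the advisory: remove the local filesystem from the session.
SET disabled_filesystems = 'LocalFileSystem';

-- Optional addition (not from the advisory): prevent further configuration
-- changes for the rest of the session.
SET lock_configuration = true;

-- Confirm which build is running and which settings are actually in effect.
SELECT version() AS duckdb_version;

SELECT name, value
FROM duckdb_settings()
WHERE name IN ('enable_external_access',
               'disabled_filesystems',
               'lock_configuration');

-- Regression check: with the mitigation active, this statement is expected
-- to be rejected with an error instead of returning sniffed column metadata.
SELECT * FROM sniff_csv('/etc/hosts');
```

Disabling `LocalFileSystem` also blocks legitimate local file reads in that session, so any local data the application needs has to be loaded before the setting is applied.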