Описание
Command injection in gh-ost
Gh-ost version <= 1.1.2 allows users to inject DSN strings via the -database parameter.
This is a low severity vulnerability as the attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus network access from host running gh-ost to the attack's malicious MySQL server.
Impact
This issue may lead to arbitrary local file read.
Patches
Fixed in 1.1.3+.
Workarounds
None
References
For more information
If you have any questions or comments about this advisory:
- Open an issue in github/gh-ost
Пакеты
github.com/github/gh-ost
< 1.1.3
1.1.3
Связанные уязвимости
gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus network access from host running gh-ost to the attack's malicious MySQL server. The `-database` parameter does not properly sanitize user input which can lead to arbitrary file reads.