Description
Apache ShardingSphere-Proxy prior to 5.3.0, when using MySQL as the database backend, did not clean up the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in Apache ShardingSphere 5.3.0.
References
- Mailing List, Vendor Advisory
- Mailing List, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 5.3.0 (exclusive)
cpe:2.3:a:apache:shardingsphere:*:*:*:*:*:*:*:*
EPSS: 0.00122 (Low), percentile: 32%
CVSS3: 9.8 Critical
Weaknesses
CWE-459
Related vulnerabilities
CVSS3: 9.8
github
about 3 years ago
Apache ShardingSphere-Proxy Incomplete Cleanup vulnerability