Описание
aiomysql is a library for accessing a MySQL database from the asyncio. Prior to version 0.3.0, the client-side settings are not checked before sending local files to MySQL server, which allows obtaining arbitrary files from the client using a rogue server. It is possible to create a rogue MySQL server that emulates authorization, ignores client flags and requests arbitrary files from the client by sending a LOAD_LOCAL instruction packet. This issue has been patched in version 0.3.0.
EPSS
Дефекты
Связанные уязвимости
aiomysql is a library for accessing a MySQL database from the asyncio. Prior to version 0.3.0, the client-side settings are not checked before sending local files to MySQL server, which allows obtaining arbitrary files from the client using a rogue server. It is possible to create a rogue MySQL server that emulates authorization, ignores client flags and requests arbitrary files from the client by sending a LOAD_LOCAL instruction packet. This issue has been patched in version 0.3.0.
aiomysql is a library for accessing a MySQL database from the asyncio. ...
aiomysql allows arbitrary access to client files through vulnerability of a malicious MySQL server
Уязвимость библиотеки доступа к базе данных MySQL aiomysql, связанная с внешним контролем имени файла или пути, позволяющая нарушителю вызвать отказ в обслуживании
EPSS