Arbitrary Command Injection Affecting mariadb-embedded package, versions <3:10.3.27-3.module+el8.3.0+7885+7a81225f
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-ORACLE8-MARIADBEMBEDDED-2573137
- published 10 Apr 2022
- disclosed 27 May 2021
Introduced: 27 May 2021CVE-2020-15180 Open this link in a new tab
How to fix?
mariadb-embedded to version 3:10.3.27-3.module+el8.3.0+7885+7a81225f or higher.
This issue was patched in
Note: Versions mentioned in the description apply to the upstream
How to fix? for
Oracle:8 relevant versions.
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in
wsrep_sst_method allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.