Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-53977.json
JSON Data
https://api.osv.dev/v1/vulns/AZL-53977
Upstream
Published
2024-12-03T16:15:23Z
Modified
2026-04-21T04:35:26.664963Z
Summary
CVE-2024-53257 affecting package vitess for versions less than 17.0.7-7
Details

Vitess is a database clustering system for horizontal scaling of MySQL. The /debug/querylogz and /debug/env pages for vtgate and vttablet do not properly escape user input. The result is that queries executed by Vitess can write HTML into the monitoring page at will. These pages are rendered using text/template instead of rendering with a proper HTML templating engine. This vulnerability is fixed in 21.0.1, 20.0.4, and 19.0.8.

References

Affected packages

Azure Linux:2 / vitess

Package

Name
vitess
Purl
pkg:rpm/azure-linux/vitess

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
17.0.7-7

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-53977.json"