BIT-mariadb-2021-27928

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/mariadb/BIT-mariadb-2021-27928.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-mariadb-2021-27928
Aliases
Published
2024-03-06T11:05:58.174Z
Modified
2024-07-15T22:00:16.633648Z
Summary
[none]
Details

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrepprovider and wsrepnotify_cmd. NOTE: this does not affect an Oracle product.

References

Affected packages

Bitnami / mariadb

Package

Name
mariadb
Purl
pkg:bitnami/mariadb

Severity

  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
10.2.0
Fixed
10.2.37
Introduced
10.3.0
Fixed
10.3.28
Introduced
10.4.0
Fixed
10.4.18
Introduced
10.5.0
Fixed
10.5.9