In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands.
{ "severity": "High", "cpes": [ "cpe:2.3:a:percona:xtrabackup:*:*:*:*:*:*:*:*" ] }