CVE-2020-15180

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-15180
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15180.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-15180
Aliases
Downstream
Related
Published
2021-05-27T20:15:07.910Z
Modified
2026-03-14T10:23:31.021158Z
Severity
  • 9.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in wsrep_sst_method allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.

References

Affected packages

Git / github.com/mariadb/server

Affected ranges

Type
GIT
Repo
https://github.com/mariadb/server
Events
Introduced
c235de12ae3723b96944337bd89ad9cc87f21d8f
Fixed
f4c85ef5ed0b2977fd5db61b166fd59764394234
Introduced
9664240c948a92c22ccda0e1f5a420eb776ddcb1
Fixed
a464917766dc513b524d16282b8f2c30f323abe5
Introduced
20ae591abd0bfe1bfaee546989ee163f4ef832b1
Fixed
a707c7f0dd628013bd0857ff7411b3ab6633cfa3
Introduced
c761b43451d54eeeecdf3c102906fcce88d4e9d9
Fixed
a6e451dc7272c408ace8b3fb4d86c79263f7247e
Introduced
7c7f9bef28aa566557da31402142f6dd8298ddd2
Fixed
5b8ab1934a10966336e66751bc13fc66923b02f6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
776555af021e917ce0d6235386b43ae59fdd5161
Database specific 
{
    "versions": [
        {
            "introduced": "10.1.0"
        },
        {
            "fixed": "10.1.47"
        },
        {
            "introduced": "10.2.0"
        },
        {
            "fixed": "10.2.34"
        },
        {
            "introduced": "10.3.0"
        },
        {
            "fixed": "10.3.25"
        },
        {
            "introduced": "10.4.0"
        },
        {
            "fixed": "10.4.15"
        },
        {
            "introduced": "10.5.0"
        },
        {
            "fixed": "10.5.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15180.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "5.6.49-28.42.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "5.7"
            },
            {
                "fixed": "5.7.31-31.45.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "8.0"
            },
            {
                "fixed": "8.0.20-11.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "5.6"
            },
            {
                "fixed": "5.6.49"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "5.7"
            },
            {
                "fixed": "5.7.31"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "8.0"
            },
            {
                "fixed": "8.0.21"
            }
        ]
    }
]