CVE-2022-21687

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-21687
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21687.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-21687
Aliases
Related
Published
2022-02-01T12:15:08Z
Modified
2025-05-05T17:17:47Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus network access from host running gh-ost to the attack's malicious MySQL server. The -database parameter does not properly sanitize user input which can lead to arbitrary file reads.

References

Affected packages

Git / github.com/github/gh-ost

Affected ranges

Type
GIT
Repo
https://github.com/github/gh-ost
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a91ab042de013cfd8fbb633763438932d9080d8f
Fixed
a91ab042de013cfd8fbb633763438932d9080d8f