DEBIAN-CVE-2021-27928

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2021-27928

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2021-27928.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2021-27928

Upstream

CVE-2021-27928

Published

2021-03-19T03:15:12Z

Modified

2025-09-30T03:54:24Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrepprovider and wsrepnotify_cmd. NOTE: this does not affect an Oracle product.

References

https://security-tracker.debian.org/tracker/CVE-2021-27928

Affected packages

Debian:11 / mariadb-10.5

Package

Name: mariadb-10.5
Purl: pkg:deb/debian/mariadb-10.5?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:10.5.9-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}