GHSA-7fxj-fr3v-r9gj

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-7fxj-fr3v-r9gj/GHSA-7fxj-fr3v-r9gj.json
Aliases
  • CVE-2022-3023
Published
2022-11-04T19:01:17Z
Modified
2022-11-24T01:13:44Z
Details

TiDB server (importer CLI tool) prior to version 6.4.0 & 6.1.3 is vulnerable to data source name injection. The database name for generating and inserting data into a database does not properly sanitize user input which can lead to arbitrary file reads."

References

Affected packages

Go / github.com/pingcap/tidb

github.com/pingcap/tidb

Affected ranges

Type
SEMVER
Events
Introduced
0
Last affected
6.1.2

Affected versions

Go / github.com/pingcap/tidb

github.com/pingcap/tidb

Affected ranges

Type
SEMVER
Events
Introduced
6.2.0
Last affected
6.4.0-alpha1

Affected versions