Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn't cleanup the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in Apache ShardingSphere 5.3.0.
References
Link | Resource |
---|---|
https://lists.apache.org/thread/l5rz7j4rg10o7ywtgknh2f5hxnv6yw3l | Mailing List Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2022-12-22T10:47:44.716Z
Updated:
Reserved: 2022-11-14T09:49:34.883Z
Link: CVE-2022-45347
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-12-22T11:15:09.053
Modified: 2022-12-29T20:05:34.053
Link: CVE-2022-45347
JSON object: View
Redhat Information
No data.
CWE