Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`
Vulnerability Description
MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with `wsrep_notify_cmd` enabled would execute shell commands embedded in the name of the joiner node. This is fixed in 10.6.27, 10.11.18, 11.4.12, 11.8.8, and 12.3.2. As a workaround, anyone who cannot upgrade now should disable `wsrep_notify_cmd`.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
MariaDB Server 操作系统命令注入漏洞
Vulnerability Description
MariaDB Server是MariaDB开源的一个关系型数据库系统。 MariaDB server 10.6.1至10.6.26版本、10.11.1至10.11.17版本、11.4.1至11.4.11版本、11.8.1至11.8.7版本和12.3.1版本存在操作系统命令注入漏洞,该漏洞源于wsrep_notify_cmd启用时执行嵌入在加入节点名称中的shell命令。
CVSS Information
N/A
Vulnerability Type
N/A