oss-sec mailing list archives

CVE-2022-45347: Apache ShardingSphere-Proxy: ShardingSphere-Proxy MySQL authentication bypass


From: Weijie Wu <wuweijie () apache org>
Date: Thu, 22 Dec 2022 09:35:08 +0000

Description:

ShardingSphere-Proxy with MySQL protocol didn't clean up the session completely after client authentication failed, which
allows an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed
in ShardingSphere 5.3.0.

References:

https://shardingsphere.apache.org
https://www.cve.org/CVERecord?id=CVE-2022-45347

