Message-ID: <97dbcb8b-609e-07c5-6a78-76da8d4e91ff@apache.org>
Date: Thu, 22 Dec 2022 09:35:08 +0000
From: Weijie Wu <wuweijie@...che.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2022-45347: Apache ShardingSphere-Proxy: ShardingSphere-Proxy
 MySQL authentication bypass 

Description:

ShardingSphere-Proxy, when using the MySQL protocol, did not completely clean up the session after client authentication failed, which allows an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in ShardingSphere 5.3.0.

References:

https://shardingsphere.apache.org
https://www.cve.org/CVERecord?id=CVE-2022-45347
