|
Message-ID: <97dbcb8b-609e-07c5-6a78-76da8d4e91ff@apache.org> Date: Thu, 22 Dec 2022 09:35:08 +0000 From: Weijie Wu <wuweijie@...che.org> To: oss-security@...ts.openwall.com Subject: CVE-2022-45347: Apache ShardingSphere-Proxy: ShardingSphere-Proxy MySQL authentication bypass Description: ShardingSphere-Proxy with MySQL protocol didn't cleanup session completely after client authentication failed, which allows an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in ShardingSphere 5.3.0. References: https://shardingsphere.apache.org https://www.cve.org/CVERecord?id=CVE-2022-45347
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.