A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote malicious user to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions prior to 10.1.47, prior to 10.2.34, prior to 10.3.25, prior to 10.4.15 and prior to 10.5.6.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mariadb mariadb |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |
||
percona xtradb cluster |
||
galeracluster galera cluster for mysql |