返回 CVE 瀏覽器

CVE-2021-27928

HIGH

7.2

CVSS Severity Score

EPSS Score0.0540%

EPSS Percentile22.64th

Published2021年3月19日

Last Modified2024年11月21日

Vulnerability Description

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.

Affected Platforms (CPE)

📦

Mariadb

Mariadb

>= 10.2 and < 10.2.37

📦

Mariadb

Mariadb

>= 10.3 and < 10.3.28

📦

Mariadb

Mariadb

>= 10.4 and < 10.4.18

📦

Mariadb

Mariadb

>= 10.5 and < 10.5.9

📦

Percona

Percona Server

<= 2021-03-03

📦

Galeracluster

Wsrep

<= 2021-03-03

💻

Debian

Debian Linux

= 9.0

References & Advisories

🔗 http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html

🔗 https://jira.mariadb.org/browse/MDEV-25179

🔗 https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html

🔗 https://mariadb.com/kb/en/mariadb-10237-release-notes/

🔗 https://mariadb.com/kb/en/mariadb-10328-release-notes/

🔗 https://mariadb.com/kb/en/mariadb-10418-release-notes/

🔗 https://mariadb.com/kb/en/mariadb-1059-release-notes/

🔗 https://mariadb.com/kb/en/security/

相關漏洞威脅

CVE-2026-4926110.0

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 th...

CVE-2021-403539.8

A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attac...

CVE-2019-107529.8

Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function...

CVE-2021-393779.8

A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious at...