CVE-2021-27928
19.03.2021, 03:15
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.
| Vendor | Product | Version |
|---|---|---|
| mariadb | mariadb | 10.2 ≤ 𝑥 < 10.2.37 |
| mariadb | mariadb | 10.3 ≤ 𝑥 < 10.3.28 |
| mariadb | mariadb | 10.4 ≤ 𝑥 < 10.4.18 |
| mariadb | mariadb | 10.5 ≤ 𝑥 < 10.5.9 |
| percona | percona_server | 𝑥 ≤ 2021-03-03 |
| galeracluster | wsrep | 𝑥 ≤ 2021-03-03 |
| debian | debian_linux | 9.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| mariadb-10.1 |
| ||||||||||||||||||||||||
| mariadb-10.3 |
| ||||||||||||||||||||||||
| mariadb-10.5 |
| ||||||||||||||||||||||||
| percona-server-5.6 |
|
References