PT-2023-26742 · Wix · Wix-Embedded-Mysql

Published: 2023-07-28 · Updated: 2023-08-03 · CVE-2023-39021

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

wix-embedded-mysql versions 4.6.2 and below

Description

The issue is a code injection vulnerability in the component com.wix.mysql.distribution.Setup.apply. It is exploited by passing an unchecked argument to the apply function.

Recommendations

For wix-embedded-mysql versions 4.6.2 and below, consider disabling the com.wix.mysql.distribution.Setup.apply component until a patch is available. Restrict access to the apply function in the com.wix.mysql.distribution.Setup component to minimize the risk of exploitation. Avoid passing unchecked arguments to the apply function until the issue is resolved.

Exploit

Fix

Code Injection

Weakness Enumeration

Related identifiers

CVE-2023-39021
GHSA-FX3V-4W3W-WPWR

Affected products

Wix-Embedded-Mysql