PT-2020-6188 · Mariadb+8 · Mariadb+9
David Busby · Published 2020-10-03 · Updated 2025-06-10
CVE-2020-15180

| Metric | Value |
|---|---|
| CVSS v3.1 | 9.0 (Critical) |
| Vector | AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MariaDB 10.1 series, versions prior to 10.1.47
MariaDB 10.2 series, versions prior to 10.2.34
MariaDB 10.3 series, versions prior to 10.3.25
MariaDB 10.4 series, versions prior to 10.4.15
MariaDB 10.5 series, versions prior to 10.5.6
Description
The mysql-wsrep (Galera) component of MariaDB did not sanitize the value of the `wsrep_sst_method` setting before using it to build the invocation of the State Snapshot Transfer (SST) helper. Because the unsanitized value reached a shell, it allowed command injection: a remote attacker able to supply a crafted method name could execute arbitrary commands on Galera cluster nodes, compromising the confidentiality, integrity, and availability of the system. The vector reflects this: no privileges or user interaction are required, the scope changes because the injected commands run outside the database process, and the attack complexity is high because the attacker must first reach the cluster with a crafted value.
Recommendations
For the 10.1 series, update to 10.1.47 or later.
For the 10.2 series, update to 10.2.34 or later.
For the 10.3 series, update to 10.3.25 or later.
For the 10.4 series, update to 10.4.15 or later.
For the 10.5 series, update to 10.5.6 or later.
Check every node of the cluster: a single unpatched node that can act as donor or joiner keeps the whole cluster exposed.
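The two checks a practitioner wants on a Galera node follow from the description and the version list above: whether the running release is below the fix for its series, and whether the configured `wsrep_sst_method` carries characters a shell would interpret. The following script is an added example for this page, not MariaDB or Galera project code. It also contrasts the injectable pattern (interpolating the method name into a shell string) with a hardened form (allowlist plus argv list). The allowlist `[A-Za-z0-9_-]` and the `/usr/bin/wsrep_sst_` path are this example's own assumptions, not a quotation of the upstream fix; the version strings and method names it tests are constructed samples.

```python
"""Triage helper for CVE-2020-15180 (added example, not MariaDB project code).

Checks performed on values you would collect from a node with
`SELECT VERSION()` and `SHOW VARIABLES LIKE 'wsrep_sst_method'`:
  1. Is the server version below the fixed release for its series?
  2. Does the configured wsrep_sst_method contain characters that a
     shell would interpret (the injection vector the advisory describes)?
"""
import re

# Fixed releases per MariaDB series, taken from the advisory's version list.
FIXED_VERSIONS = {
    (10, 1): (10, 1, 47),
    (10, 2): (10, 2, 34),
    (10, 3): (10, 3, 25),
    (10, 4): (10, 4, 15),
    (10, 5): (10, 5, 6),
}

# Assumed allowlist for an SST method name: letters, digits, '_' and '-'.
# This is the example's own hardening choice, not the upstream rule.
SAFE_METHOD_RE = re.compile(r"^[A-Za-z0-9_-]+$")

# Assumed installation path of the SST helper scripts (example only).
SST_SCRIPT_PREFIX = "/usr/bin/wsrep_sst_"


def parse_version(version_string):
    """Return (major, minor, patch) from the leading X.Y.Z of a VERSION()
    string such as '10.4.14-MariaDB-1:10.4.14+maria~focal-log'."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", version_string)
    if not m:
        raise ValueError(f"unrecognised version string: {version_string!r}")
    return tuple(int(x) for x in m.groups())


def is_version_vulnerable(version_string):
    """True if the release is below the fix for its series, False if it is
    at or above the fix, None if the series is not listed in the advisory
    (e.g. 10.6+, which was released after the fix)."""
    major, minor, patch = parse_version(version_string)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        return None
    return (major, minor, patch) < fixed


def is_sst_method_name_safe(method):
    """True if the method name contains only allowlisted characters."""
    return bool(SAFE_METHOD_RE.match(method))


def build_sst_command_unsafe(method, role):
    """The injectable pattern: the method name is interpolated into a
    string that a shell will later parse. A value such as 'rsync; id'
    turns into two commands. Shown for contrast only; never run this."""
    return f"{SST_SCRIPT_PREFIX}{method} --role {role}"


def build_sst_command_hardened(method, role):
    """Hardened form: reject anything outside the allowlist, then build an
    argv list so the method name is never parsed by a shell."""
    if not is_sst_method_name_safe(method):
        raise ValueError(f"refusing wsrep_sst_method {method!r}")
    return [SST_SCRIPT_PREFIX + method, "--role", role]


def triage(version_string, sst_method):
    """Combine both checks into a small report for one node."""
    return {
        "version_vulnerable": is_version_vulnerable(version_string),
        "sst_method_safe": is_sst_method_name_safe(sst_method),
    }


if __name__ == "__main__":
    # Constructed sample inputs standing in for output from two nodes.
    samples = [
        ("10.4.14-MariaDB-1:10.4.14+maria~focal-log", "mariabackup"),
        ("10.5.6-MariaDB", "rsync; id"),
    ]
    for version, method in samples:
        print(version, method, triage(version, method))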

As a temporary workaround until every node is upgraded, limit who can influence the `wsrep_sst_method` value: restrict network access to the cluster's replication and SST ports to the cluster members themselves, and restrict the accounts permitted to change global wsrep settings. This reduces exposure but does not remove the flaw; upgrading remains the fix.
Fix
Command Injection
RCE
Affected Products
ALT Linux
AlmaLinux
CentOS
Linux Mint
MariaDB
MariaDB Server
Red Hat
Rocky Linux
SUSE
Ubuntu