CVE-2021-2307

Name of the Vulnerable Software and Affected Versions MySQL Server versions 5.7.33 and prior MySQL Server versions 8.0.23 and prior

Description The issue is related to insufficient input validation in the MySQL Server component of Oracle MySQL, specifically in the Server: Packaging subcomponent. This can be exploited by an attacker to gain unauthorized access to modify, add, or delete data using the MySQL protocol. Successful attacks may require human interaction and can result in unauthorized access to critical data or complete access to all MySQL Server accessible data, as well as unauthorized update, insert, or delete access to some of MySQL Server accessible data.

Recommendations For MySQL Server versions 5.7.33 and prior, update to a version later than 5.7.33 to resolve the issue. For MySQL Server versions 8.0.23 and prior, update to a version later than 8.0.23 to resolve the issue. As a temporary workaround, consider restricting access to the MySQL Server to minimize the risk of exploitation.