CVE-2021-2411

Name of the Vulnerable Software and Affected Versions Oracle MySQL Cluster versions 8.0.25 and prior

Description The issue exists due to insufficient input validation in the Cluster: JS module of the Oracle MySQL Cluster system. This allows a remote attacker to cause a partial denial of service (DOS) of MySQL Cluster via multiple protocols. The attacker does not need authentication and can access the system through the network. Successful exploitation can result in unauthorized ability to cause a partial denial of service.

Recommendations For versions 8.0.25 and prior, consider restricting network access to the Cluster: JS module until a patch is available. As a temporary workaround, limit the use of the affected module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.