PT-2022-15038 · Ghost · Ghost

Dwisiswant0 · Published 2022-02-01 · Updated 2024-08-21 · CVE-2022-21687

CVSS v3.1: 6.8 Medium

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

gh-ost versions prior to 1.1.3

Description

The issue is an arbitrary file read vulnerability. Exploitation requires the attacker either to have access to the target host or to trick an administrator into executing a malicious gh-ost command, and it also requires network access from the host running gh-ost to the attacker's malicious MySQL server. The -database parameter does not properly sanitize user input, leading to arbitrary file reads. This is considered a low severity vulnerability.

Recommendations

Update gh-ost to version 1.1.3 or later to resolve the issue. As a temporary workaround for versions prior to 1.1.3, consider restricting access to the -database parameter to minimize the risk of exploitation.

Exploit

Fix

Special Elements Injection

RCE

Weakness Enumeration

Related Identifiers

CVE-2022-21687
GHSA-RRP4-2XX3-MV29
GO-2022-0298

Affected Products

Ghost