PT-2023-22194 · Vitess+2

Adamkorcz · Published 2023-05-11 · Updated 2023-05-22 · CVE-2023-29195

CVSS v3.1: 4.1 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions: Vitess versions prior to 16.0.2

Description: VTAdmin lets a user create a shard whose name contains "/" characters. Shard names are stored as path components in the topology server, so such a name is written as an extra directory level instead of a single shard record, which then causes errors when creating new shards or viewing the keyspace. Creating a shard with vtctldclient does not have the same problem because the CLI validates the input correctly. The CVSS vector (PR:H, A:L) reflects that the caller already needs VTAdmin privileges to create shards and that the impact is limited to availability of topology operations for that keyspace.

Recommendations: Update to version 16.0.2 or later, which contains a patch for this issue. For versions prior to 16.0.2, consider the following workarounds:
- Always use vtctldclient to create shards, instead of using VTAdmin.
- Disable creating shards from VTAdmin using RBAC.
- Delete the topology record for the offending shard using the client for your topology server.
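An added illustration of the failure mode and of the kind of check the validated path applies. This is example code written for this page, not Vitess's or VTAdmin's own implementation: it assumes a path-keyed topology layout (keyspaces/<keyspace>/shards/<shard>/Shard) and uses an in-memory map as a stand-in for the topology server; the key-range rules it enforces (even-length hex bounds, start below end) are this example's own assumptions, not a statement of Vitess's exact rules.

```go
package main

import (
	"bytes"
	"encoding/hex"
	"errors"
	"fmt"
	"path"
	"sort"
	"strings"
)

// topoStore is a constructed stand-in for a path-keyed topology server
// (etcd, ZooKeeper, Consul): a flat map from full path to record bytes.
type topoStore map[string][]byte

func shardDir(keyspace string) string { return path.Join("keyspaces", keyspace, "shards") }

// shardRecordPath is where this example keeps a shard's record. A name
// containing "/" silently becomes an extra directory level here.
func shardRecordPath(keyspace, shard string) string {
	return path.Join(shardDir(keyspace), shard, "Shard")
}

// ValidateShardName rejects names the topology server cannot store as a
// single path segment, and (example assumption) checks key-range names
// such as "-80", "40-80" and "80-" for well-formed hex bounds.
func ValidateShardName(shard string) error {
	if shard == "" {
		return errors.New("shard name must not be empty")
	}
	if strings.Contains(shard, "/") {
		return fmt.Errorf("invalid shard name %q: may not contain '/'", shard)
	}
	if !strings.Contains(shard, "-") {
		return nil // custom-sharded keyspace: any other single segment is fine
	}
	parts := strings.SplitN(shard, "-", 2)
	var bounds [2][]byte
	for i, p := range parts {
		if p == "" {
			continue // open-ended bound
		}
		b, err := hex.DecodeString(p)
		if err != nil {
			return fmt.Errorf("invalid key range bound %q in shard %q: %v", p, shard, err)
		}
		bounds[i] = b
	}
	if len(bounds[0]) > 0 && len(bounds[1]) > 0 && bytes.Compare(bounds[0], bounds[1]) >= 0 {
		return fmt.Errorf("invalid key range %q: start must be below end", shard)
	}
	return nil
}

// CreateShard writes a shard record. validate=false models a front end that
// trusts the name (the unpatched VTAdmin path); validate=true models the CLI.
func CreateShard(store topoStore, keyspace, shard string, validate bool) error {
	if validate {
		if err := ValidateShardName(shard); err != nil {
			return err
		}
	}
	store[shardRecordPath(keyspace, shard)] = []byte(`{"name":"` + shard + `"}`)
	return nil
}

// ListShards walks the direct children of the shards directory and expects
// each to hold a Shard record; a child that is instead a directory (the
// "a" left behind by a shard named "a/b") makes the keyspace view fail.
func ListShards(store topoStore, keyspace string) ([]string, error) {
	prefix := shardDir(keyspace) + "/"
	seen := map[string]bool{}
	var names []string
	for p := range store {
		if !strings.HasPrefix(p, prefix) {
			continue
		}
		name := strings.SplitN(strings.TrimPrefix(p, prefix), "/", 2)[0]
		if seen[name] {
			continue
		}
		seen[name] = true
		if _, ok := store[path.Join(prefix, name, "Shard")]; !ok {
			return nil, fmt.Errorf("shard %q: missing Shard record (unexpected entry %q)", name, p)
		}
		names = append(names, name)
	}
	sort.Strings(names)
	return names, nil
}

func main() {
	store := topoStore{}
	_ = CreateShard(store, "commerce", "-80", true)
	_ = CreateShard(store, "commerce", "80-", true)
	fmt.Println(ListShards(store, "commerce"))                       // [-80 80-] <nil>
	fmt.Println(CreateShard(store, "commerce", "a/b", true))         // rejected
	fmt.Println(CreateShard(store, "commerce", "a/b", false))        // accepted: unvalidated path
	fmt.Println(ListShards(store, "commerce"))                       // [] error
}
```

The point the example makes is that the check has to live in the layer every front end shares, not only in the CLI: the unvalidated path writes keyspaces/commerce/shards/a/b/Shard, and from then on every listing of that keyspace trips over the stray "a" directory, which is exactly why the workaround is to delete that topology record by hand.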


Related Identifiers

AZL-26696
CVE-2023-29195
GHSA-PQJ7-JX24-WJ7W

Affected Products

VTAdmin
Vitess
vtctldclient