CVE-2024-21209

Name of the Vulnerable Software and Affected Versions: Oracle MySQL versions 8.4.2 and prior Oracle MySQL versions 9.0.1 and prior

Description: The issue is related to insufficient input validation in the MySQL Client product, specifically in the mysqldump component. It allows a high-privileged attacker with network access via multiple protocols to compromise the MySQL Client, but successful attacks require human interaction from a person other than the attacker. This can result in unauthorized read access to a subset of MySQL Client accessible data.

Recommendations: For versions 8.4.2 and prior, update to a version later than 8.4.2 to resolve the issue. For versions 9.0.1 and prior, update to a version later than 9.0.1 to resolve the issue. As a temporary workaround, consider restricting access to the mysqldump component until a patch is available.