Lucene search
GitHub Advisory DatabaseGHSA-7FXJ-FR3V-R9GJHistoryNov 04, 2022 - 7:01 p.m.
TiDB vulnerable to Use of Externally-Controlled Format String
2022-11-0419:01:17
CWE-134
GitHub Advisory Database
github.com
9
tidb
data source name injection
arbitrary file reads
version 6.4.0
version 6.1.3
database security
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
59.6%
TiDB server (importer CLI tool) prior to version 6.4.0 & 6.1.3 is vulnerable to data source name injection. The database name for generating and inserting data into a database does not properly sanitize user input which can lead to arbitrary file reads."
Affected configurations
Node
pingcaptidbRange6.2.0–6.4.0-alpha1
ORpingcaptidbRange≤6.1.2
Related
osv
osv
TiDB vulnerable to Use of Externally-Controlled Format String
2022-11-04 19:01:17
CVE-2022-3023
2022-11-04 12:15:14
veracode
veracode
Arbitrary Code Execution
2022-11-08 04:55:52
huntr
huntr
Data Source Name Injection
2021-12-26 13:09:37
cve
cve
CVE-2022-3023
2022-11-04 12:15:14
cvelist
cvelist
CVE-2022-3023 Use of Externally-Controlled Format String in pingcap/tidb
2022-11-04 00:00:00
prion
prion
Format string
2022-11-04 12:15:00
nvd
nvd
CVE-2022-3023
2022-11-04 12:15:14
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
59.6%
Related for GHSA-7FXJ-FR3V-R9GJ