Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-7FXJ-FR3V-R9GJ
HistoryNov 04, 2022 - 7:01 p.m.

TiDB vulnerable to Use of Externally-Controlled Format String

2022-11-0419:01:17
Google
osv.dev
1
tidb
data source name
injection
vulnerability
arbitrary file reads

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

59.7%

JSON

TiDB server (importer CLI tool) prior to version 6.4.0 & 6.1.3 is vulnerable to data source name injection. The database name for generating and inserting data into a database does not properly sanitize user input which can lead to arbitrary file reads."

Related

huntr 1
veracode 1
github 1
cve 1
nvd 1
prion 1
cvelist 1
osv 1
huntr
huntr
Data Source Name Injection
2021-12-26 13:09:37
veracode
veracode
Arbitrary Code Execution
2022-11-08 04:55:52
github
github
TiDB vulnerable to Use of Externally-Controlled Format String
2022-11-04 19:01:17
cve
cve
CVE-2022-3023
2022-11-04 12:15:14
nvd
nvd
CVE-2022-3023
2022-11-04 12:15:14
prion
prion
Format string
2022-11-04 12:15:00
cvelist
cvelist
CVE-2022-3023 Use of Externally-Controlled Format String in pingcap/tidb
2022-11-04 00:00:00
osv
osv
CVE-2022-3023
2022-11-04 12:15:14

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

59.7%

JSON
Related for OSV:GHSA-7FXJ-FR3V-R9GJ
huntr1veracode1github1cve1nvd1prion1cvelist1osv1