14 matches found
EUVD-2022-1182
Malicious code in bioql PyPI...
CVE-2022-21687
gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus...
GO-2022-0298 Command injection in gh-ost in github.com/github/gh-ost
Command injection in gh-ost in github.com/github/gh-ost...
Arbitrary File Read
github.com/github/gh-ost is vulnerable to arbitrary file read. Lack of proper sanitization of -database parameter allows an attacker with access to host to execute malicious command via malicious input...
CVE-2022-21687
gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus...
Command injection
gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus...
CVE-2022-21687 Command injection in gh-ost
gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus...
CVE-2022-21687 Command injection in gh-ost
gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus...
CVE-2022-21687 Command injection in gh-ost
gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus...
CVE-2022-21687
CVE-2022-21687 affects the gh-ost project for MySQL. Versions prior to 1.1.3 are vulnerable due to improper sanitization of the -database parameter, enabling an attacker with host access or who can coerce an admin into running a malicious gh-ost command to cause arbitrary file reads on the target...
GHSA-RRP4-2XX3-MV29 Command injection in gh-ost
Gh-ost version <= 1.1.2 allows users to inject DSN strings via the -database parameter. This is a low severity vulnerability as the attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus network access from ho...
Command injection in gh-ost
Gh-ost version <= 1.1.2 allows users to inject DSN strings via the -database parameter. This is a low severity vulnerability as the attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus network access from ho...
gh-ost input validation error vulnerability
gh-ost is a triggerless online schema migration solution for MySQL. It is testable and provides suspendability, dynamic control/reconfiguration, auditing, and many operational privileges. gh-ost suffers from an input validation error vulnerability that stems from the presence of an arbitrary file...
PT-2022-15038 · Ghost · Ghost
Name of the Vulnerable Software and Affected Versions: gh-ost versions prior to 1.1.3 Description: The issue is related to an arbitrary file read vulnerability. It requires the attacker to have access to the target host or trick an administrator into executing a malicious gh-ost command, along wi...