14 matches found
EUVD-2022-5970
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-3779
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. Thi...
K01934914: Ruby-MySQL vulnerability CVE-2021-3779
Security Advisory Description: A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later. CVE-2021-3779. Impact: There is no impact; F5 products are...
Arbitrary File Read
ruby-mysql is vulnerable to arbitrary file read. A malicious MySQL server can request local file content from a client without explicit authorization from the user if the filename specified by the server does not match with OPTLOADDATALOCALDIR...
Access Restriction Bypass
Overview: ruby-mysql is a MySQL connector (pure Ruby version). Affected versions of this package are vulnerable to Access Restriction Bypass. A malicious MySQL server can request local file content from a client using ruby-mysql without explicit authorization from the user. Remediation: Upgrade ruby-mysql to...
GHSA-73PR-G6JJ-5HC9 Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql
A malicious actor can read arbitrary files from a client that uses ruby-mysql to communicate to a rogue MySQL server and issue database queries. In these cases, the server has the option to create a database reply using the LOAD DATA LOCAL statement, which instructs the client to provide addition...
Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql
A malicious actor can read arbitrary files from a client that uses ruby-mysql to communicate to a rogue MySQL server and issue database queries. In these cases, the server has the option to create a database reply using the LOAD DATA LOCAL statement, which instructs the client to provide addition...
CVE-2021-3779
A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later...
CVE-2021-3779
A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later...
Authorization
A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later...
CVE-2021-3779
CVE-2021-3779 affects the ruby-mysql RubyGem prior to 2.10.0, enabling a malicious MySQL server to request local file content from a client. The root cause is unsafe handling that allows a server to access local files on the client, not from the server. The issue is fixed in ruby-mysql 2.10.0 and...
CVE-2021-3779: Ruby-MySQL Gem Client File Read (FIXED)
The ruby-mysql Ruby gem prior to version 2.10.0 maintained by Tomita Masahiro is vulnerable to an instance of CWE-610: Externally Controlled Reference to a Resource in Another Sphere, wherein a malicious MySQL server can request local file content from a client without explicit authorization from...
Ruby ruby-mysql Security Vulnerability
Ruby ruby-mysql is a pure Ruby version of the MySQL connector from the Ruby community. An access control error vulnerability exists in Ruby ruby-mysql Gem versions prior to 2.10.0, which stems from the fact that a malicious MySQL server can request local file content from a client without explicit...
ruby-mysql Client File Read
A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later...