12 matches found
EUVD-2023-1601
Malicious code in bioql PyPI...
CVE-2023-29195
Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing / characters from VTAdmin such that from that point on, anyone who tries to create a new shard fr...
AZL-26696 CVE-2023-29195 affecting package vitess for versions less than 16.0.2-1
Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing / characters from VTAdmin such that from that point on, anyone who tries to create a new shard fr...
Design/Logic Flaw
Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing / characters from VTAdmin such that from that point on, anyone who tries to create a new shard fr...
GHSA-PQJ7-JX24-WJ7W VTAdmin users that can create shards can deny access to other functions
Impact: Users can either intentionally or inadvertently create a shard containing / characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view the keyspaces will also no longer work. Creating a shard using...
VTAdmin users that can create shards can deny access to other functions
Impact: Users can either intentionally or inadvertently create a shard containing / characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view the keyspaces will also no longer work. Creating a shard using...
CVE-2023-29195
Vitess VTAdmin shard creation bug: before 16.0.2, VTAdmin could produce a shard name containing a "/" that caused subsequent shard creation attempts to fail and keyspace views to break. The issue is fixed in version 16.0.2 (go module v0.16.2). Workarounds include: use vtctldclient to create shard...
CVE-2023-29195 Vitess VTAdmin users that can create shards can deny access to other functions
Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing / characters from VTAdmin such that from that point on, anyone who tries to create a new shard fr...
AZL-26295 CVE-2023-29194 affecting package vitess for versions less than 16.0.2-1
Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing / characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces...
Design/Logic Flaw
Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing / characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces...
CVE-2023-29194
Vitess CVE-2023-29194 describes a logic flaw that allows creation of a keyspace containing a slash (/), which can cause VTAdmin (and in some references vtctldclient GetKeyspaces) to error when listing or viewing keyspaces. The underlying issue affects how keyspaces with a slash are handled and ma...
GHSA-735R-HV67-G38F vitess allows users to create keyspaces that can deny access to already existing keyspaces
Impact: Users can either intentionally or inadvertently create a keyspace containing / characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces using vtctldclient GetKeyspaces will also return an error. Note th...