Lucene search
Veracode Vulnerability DatabaseVERACODE:37836HistoryNov 08, 2022 - 4:55 a.m.
Arbitrary Code Execution
2022-11-0804:55:52
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
1
arbitrary code execution
vulnerability
github.com/pingcap/tidb
data source name
injection
read access
0.002 Low
EPSS
Percentile
59.7%
github.com/pingcap/tidb is vulnerable to arbitrary code execution. The vulnerability exists because the data source name string in the database connection is not properly neutralized which allows an attacker to inject malicious code and get read access to files in the system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/pingcap/tidb | le | v6.4.0-alpha | |
| github.com/pingcap/tidb | le | v6.4.0-alpha |
Related
huntr
huntr
Data Source Name Injection
2021-12-26 13:09:37
osv
osv
TiDB vulnerable to Use of Externally-Controlled Format String
2022-11-04 19:01:17
CVE-2022-3023
2022-11-04 12:15:14
github
github
TiDB vulnerable to Use of Externally-Controlled Format String
2022-11-04 19:01:17
cve
cve
CVE-2022-3023
2022-11-04 12:15:14
nvd
nvd
CVE-2022-3023
2022-11-04 12:15:14
prion
prion
Format string
2022-11-04 12:15:00
cvelist
cvelist
CVE-2022-3023 Use of Externally-Controlled Format String in pingcap/tidb
2022-11-04 00:00:00