github.com/pingcap/tidb is vulnerable to arbitrary code execution. The vulnerability exists because the data source name string in the database connection is not properly neutralized which allows an attacker to inject malicious code and get read access to files in the system.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/pingcap/tidb | le | v6.4.0-alpha | |
github.com/pingcap/tidb | le | v6.4.0-alpha |