You are viewing a plain text version of this content. The canonical link for it is here.

Posted to announce@apache.org by Weijie Wu <wu...@apache.org> on 2022/12/22 09:35:08 UTC

CVE-2022-45347: Apache ShardingSphere-Proxy: ShardingSphere-Proxy MySQL authentication bypass

Description:

ShardingSphere-Proxy with MySQL protocol didn't cleanup session completely after client authentication failed, which allows an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in ShardingSphere 5.3.0.

References:

https://shardingsphere.apache.org
https://www.cve.org/CVERecord?id=CVE-2022-45347