Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn't cleanup the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in Apache ShardingSphere 5.3.0.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2022-12-22T10:47:44.716Z

Updated: 2024-08-03T14:09:56.652Z

Reserved: 2022-11-14T09:49:34.883Z

Link: CVE-2022-45347

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-12-22T11:15:09.053

Modified: 2024-11-21T07:29:04.487

Link: CVE-2022-45347

cve-icon Redhat

No data.