Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache ShardingSphere-Proxy: MySQL authentication bypass
Vulnerability Description
Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn't cleanup the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in Apache ShardingSphere 5.3.0.
CVSS Information
N/A
Vulnerability Type
清理环节不完整
Vulnerability Title
Apache ShardingSphere 安全漏洞
Vulnerability Description
Apache ShardingSphere是美国阿帕奇(Apache)基金会的一套开源的分布式数据库中间件解决方案。 Apache ShardingSphere-Proxy 5.3.0之前版本存在安全漏洞,该漏洞源于在使用MySQL作为数据库后端时,在客户端认证失败后并没有完全清理数据库会话,这使得攻击者可以通过构造一个特殊的MySQL客户端来执行正常的命令。
CVSS Information
N/A
Vulnerability Type
N/A