Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
aiomysql allows arbitrary access to client files through vulnerability of a malicious MySQL server
Vulnerability Description
aiomysql is a library for accessing a MySQL database from the asyncio. Prior to version 0.3.0, the client-side settings are not checked before sending local files to MySQL server, which allows obtaining arbitrary files from the client using a rogue server. It is possible to create a rogue MySQL server that emulates authorization, ignores client flags and requests arbitrary files from the client by sending a LOAD_LOCAL instruction packet. This issue has been patched in version 0.3.0.
CVSS Information
N/A
Vulnerability Type
文件名或路径的外部可控制
Vulnerability Title
aiomysql 安全漏洞
Vulnerability Description
aiomysql是aio-libs开源的一个MySQL访问库。 aiomysql 0.3.0之前版本存在安全漏洞,该漏洞源于未检查客户端设置,可能导致恶意服务器获取客户端任意文件。
CVSS Information
N/A
Vulnerability Type
N/A