CVE-2022-21687
MEDIUM 6.8
Description
gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus network access from the host running gh-ost to the attacker's malicious MySQL server. The `-database` parameter does not properly sanitize user input, which can lead to arbitrary file reads.
CVE details
CVSS v3.1 score: 6.8
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: HIGH
User interaction: NONE
Published: 2/1/2022
Last modified: 5/5/2025
Source: nvd
Honeypot sightings: 0
Affected products
github:gh-ost
Weaknesses (CWE)
CWE-20
References
https://github.com/github/gh-ost/commit/a91ab042de013cfd8fbb633763438932d9080d8f (security-advisories@github.com)
https://github.com/github/gh-ost/security/advisories/GHSA-rrp4-2xx3-mv29 (security-advisories@github.com)
https://github.com/github/gh-ost/commit/a91ab042de013cfd8fbb633763438932d9080d8f (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/github/gh-ost/security/advisories/GHSA-rrp4-2xx3-mv29 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.