Apache ShardingSphere-Proxy prior to 5.3.0, when using MySQL as the database backend, did not clean up the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in Apache ShardingSphere 5.3.0.
The product does not properly “clean up” and remove temporary or supporting resources after they have been used.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Shardingsphere | Apache | * | 5.3.0 (excluding) |