DEBIAN-CVE-2020-15180

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2020-15180

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2020-15180.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2020-15180

Upstream

CVE-2020-15180

Published

2021-05-27T20:15:07Z

Modified

2025-09-25T22:40:47Z

Severity

9.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in wsrep_sst_method allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.

References

https://security-tracker.debian.org/tracker/CVE-2020-15180

Affected packages

Debian:11 / mariadb-10.5

Package

Name: mariadb-10.5
Purl: pkg:deb/debian/mariadb-10.5?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:10.5.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}