GO-2023-1717

Source
https://pkg.go.dev/vuln/GO-2023-1717
Import Source
https://vuln.go.dev/ID/GO-2023-1717.json
JSON Data
https://api.test.osv.dev/v1/vulns/GO-2023-1717
Aliases
Published
2023-04-12T20:20:52Z
Modified
2024-05-20T16:03:47Z
Summary
Improper handling of keyspaces in vitess.io/vitess
Details

Users can create a keyspace containing '/'. Future attempts to view keyspaces from some tools (including VTAdmin and "vtctldclient GetKeyspaces") receive an error.

Database specific
{
    "review_status": "REVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2023-1717"
}
References
Credits
    • @AdamKorcz
    • @ajm188

Affected packages

Go / vitess.io/vitess

Package

Name
vitess.io/vitess
Purl
pkg:golang/vitess.io/vitess

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.16.1

Ecosystem specific

{
    "imports": [
        {
            "path": "vitess.io/vitess/go/vt/vtorc/inst",
            "symbols": [
                "GetDurabilityPolicy",
                "ReadKeyspace",
                "ReadTopologyInstance",
                "ReadTopologyInstanceBufferable",
                "SwitchPrimary"
            ]
        },
        {
            "path": "vitess.io/vitess/go/vt/topo",
            "symbols": [
                "Server.CreateKeyspace",
                "Server.CreateShard",
                "Server.FindAllShardsInKeyspace",
                "Server.GetKeyspace",
                "Server.GetKeyspaceDurability",
                "Server.GetOnlyShard",
                "Server.GetOrCreateShard",
                "Server.GetServingShards",
                "Server.GetShardNames",
                "Server.InitTablet",
                "Server.ResolveShardWildcard"
            ]
        }
    ]
}