CVE-2021-3779
6.5MEDIUMA malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 a
Published: 6/28/2022Updated: 11/21/2024
Description
A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later.
AI AnalysisPowered by AI
Affected Products
ruby-mysql_projectruby-mysql
References
- https://www.rapid7.com/blog/post/2022/06/28/cve-2021-3779-ruby-mysql-gem-client-file-read-fixed/ExploitMitigationThird Party Advisory
- https://www.rapid7.com/blog/post/2022/06/28/cve-2021-3779-ruby-mysql-gem-client-file-read-fixed/ExploitMitigationThird Party Advisory