Details
-
Bug
-
Status: Closed (View Workflow)
-
Blocker
-
Resolution: Fixed
-
10.5, 10.6, 10.11, 11.1(EOL), 11.2, 11.4, 10.4(EOL), 11.0(EOL), 11.3(EOL)
-
None
Description
mariadb-dump trusts the server and puts the data it receives into the dump without validation or escaping. Malicious server can inject thus \​! command into the dump.
Attachments
Issue Links
- causes
-
MDEV-34183 MariaDB 10.6.18 seems to generate invalid SQL dumps
- Closed
-
MDEV-34203 Sandbox mode \- is not compatible with --binary-mode
- Closed
-
MDEV-34339 mariadb_repo_setup package doesn't work with MariaDB 10.6 and Debian 12 Bookworm
- Closed
- is blocked by
-
MDEV-21778 Disable system commands in mysql/mariadb client
- Closed
- links to