Details
- Bug
- Status: Closed
- Blocker
- Resolution: Fixed
- 10.4, 10.5, 10.6, 10.11, 11.0, 11.1, 11.2, 11.3, 11.4
- None
Description
mariadb-dump trusts the server and puts the data it receives into the dump without validation or escaping. A malicious server can thus inject a \! command into the dump.
Issue Links
- causes: MDEV-34183 MariaDB 10.6.18 seems to generate invalid SQL dumps (Closed)
- is blocked by: MDEV-21778 Disable system commands in mysql/mariadb client (Closed)
- links to