[MDEV-39413] wsrep unsafe handling of parameters - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.6, 10.11, 11.4, 11.8, 12.3
Fix Version/s: 10.6.26, 10.11.17, 11.4.11, 11.8.7, 12.3.2
Component/s: wsrep
Labels:
None

Bug Category:
Can result in unexpected behaviour
Sprint:
Q2/2026 Replic. Development

Description

wsrep_sst_mariabackup on the donor side interpolates parameters sent by the joiner into the command line without proper validation.

For example, certificate's CommonName can contain arbitrary characters.

Reported by Asim Viladi Oglu Manizada

Attachments

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Sergei Golubchik

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 1 week ago 19:52

Updated:: Yesterday 20:33

Resolved:: 2 days ago 07:44

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.