CVE-2021-3779

Summary

A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later.

Affected Software

VendorProductVersion RangeStatus
Tomita Masahiroruby-mysql2.9.14 <= 2.9.14affected

Weaknesses

  • CWE-610: CWE-610 Externally Controlled Reference to a Resource in Another Sphere

ADP Enrichment

CVE Program Container

Additional References

References