Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn't cleanup the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in Apache ShardingSphere 5.3.0.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 15 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.0053}

epss

{'score': 0.00568}


cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2025-04-15T13:41:08.826Z

Reserved: 2022-11-14T09:49:34.883Z

Link: CVE-2022-45347

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-12-22T11:15:09.053

Modified: 2025-04-15T14:15:35.580

Link: CVE-2022-45347

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.