First published: Wed Apr 28 2021(Updated: )
In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing access controls enforced on key names.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Etherpad UeberDB | <1.4.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.