{"id":"CVE-2021-27928","details":"A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.","aliases":["BIT-mariadb-2021-27928","BIT-mariadb-min-2021-27928","BIT-mysql-client-2021-27928"],"modified":"2026-04-10T04:31:37.406525Z","published":"2021-03-19T03:15:12.427Z","related":["ALSA-2021:1242","CGA-wfpv-gfr3-jprg","SUSE-RU-2023:3956-1","SUSE-RU-2023:4991-1","SUSE-SU-2021:2605-1","SUSE-SU-2021:2616-1","SUSE-SU-2021:2617-1","SUSE-SU-2021:2634-1","openSUSE-SU-2021:2605-1","openSUSE-SU-2021:2616-1","openSUSE-SU-2021:2617-1","openSUSE-SU-2024:11648-1"],"references":[{"type":"ADVISORY","url":"https://mariadb.com/kb/en/mariadb-10418-release-notes/"},{"type":"ADVISORY","url":"https://mariadb.com/kb/en/mariadb-1059-release-notes/"},{"type":"ADVISORY","url":"https://mariadb.com/kb/en/security/"},{"type":"ADVISORY","url":"https://mariadb.com/kb/en/mariadb-10237-release-notes/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202105-28"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html"},{"type":"ADVISORY","url":"https://mariadb.com/kb/en/mariadb-10328-release-notes/"},{"type":"REPORT","url":"https://jira.mariadb.org/browse/MDEV-25179"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mariadb/server","events":[{"introduced":"9664240c948a92c22ccda0e1f5a420eb776ddcb1"},{"fixed":"ce3a2a688db556d8d077a409fd9bf5cc013d13dd"},{"introduced":"20ae591abd0bfe1bfaee546989ee163f4ef832b1"},{"fixed":"0d55b020e16fb0ab88547a28a22cb58eaa7fb229"},{"introduced":"c761b43451d54eeeecdf3c102906fcce88d4e9d9"},{"fixed":"53123dfa3e365138591fd2f160c6057aca00a3e6"},{"introduced":"7c7f9bef28aa566557da31402142f6dd8298ddd2"},{"fixed":"3a8ca9096ea82ca61811450775511533d6cb1bb4"}],"database_specific":{"versions":[{"introduced":"10.2"},{"fixed":"10.2.37"},{"introduced":"10.3"},{"fixed":"10.3.28"},{"introduced":"10.4"},{"fixed":"10.4.18"},{"introduced":"10.5"},{"fixed":"10.5.9"}]}},{"type":"GIT","repo":"https://github.com/percona/percona-server","events":[{"introduced":"0"},{"last_affected":"6feb03ff8ed4663c03dd5553f77dd7e4bffbd950"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"9.0"}]}}],"versions":["Percona-Server-8.0.12-1.alpha","Percona-Server-8.0.13-4","Percona-Server-8.0.34-26","Percona-Server-8.1.0-1","Percona-Server-9.0.1-1","clone-5.1.0-build","clone-5.1.31-pv-0.2.0-build","clone-5.1.4-build","clone-5.4.0-build","clone-5.6.3-m5-build","clone-5.6.3-m6-build","mariadb-10.2.0","mariadb-10.2.1","mariadb-10.2.10","mariadb-10.2.11","mariadb-10.2.12","mariadb-10.2.13","mariadb-10.2.14","mariadb-10.2.15","mariadb-10.2.16","mariadb-10.2.18","mariadb-10.2.19","mariadb-10.2.2","mariadb-10.2.20","mariadb-10.2.21","mariadb-10.2.22","mariadb-10.2.23","mariadb-10.2.24","mariadb-10.2.25","mariadb-10.2.26","mariadb-10.2.27","mariadb-10.2.28","mariadb-10.2.29","mariadb-10.2.30","mariadb-10.2.31","mariadb-10.2.5","mariadb-10.3.0","mariadb-10.3.1","mariadb-10.3.10","mariadb-10.3.12","mariadb-10.3.16","mariadb-10.3.17","mariadb-10.3.18","mariadb-10.3.19","mariadb-10.3.2","mariadb-10.3.20","mariadb-10.3.21","mariadb-10.3.26","mariadb-10.3.4","mariadb-10.3.5","mariadb-10.3.6","mariadb-10.3.7","mariadb-10.4.10","mariadb-10.4.11","mariadb-10.4.3","mariadb-10.4.4","mariadb-10.4.5","mariadb-10.4.7","mariadb-10.4.9","mariadb-10.5.0","mariadb-10.5.2","mariadb-10.5.4","mysql-3.23.22-beta","mysql-3.23.28-gamma","mysql-3.23.30-gamma","mysql-3.23.31","mysql-3.23.32","mysql-3.23.33","mysql-3.23.36","mysql-4.0.2","mysql-4.0.4","mysql-5.1.4","mysql_4.0","mysqlsummit-0.2.0","mysqlsummit-0.2.0-build","mysqlsummit-0.2.1","mysqlsummit-0.2.1-build"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2021-03-03"}]},{"events":[{"introduced":"0"},{"last_affected":"2021-03-03"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27928.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}