CVE-2024-21096Inclusion of Functionality from Untrusted Control Sphere in Corporation Mysql Server

CWE-829Inclusion of Functionality from Untrusted Control Sphere11 documents9 sources
Severity
4.9MEDIUMNVD
EPSS
0.1%
top 68.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
MariadbOracle Corporation Mysql ServerOracle Mysql+2 more
Timeline
PublishedApr 16
Latest updateAug 14

Description

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 1.4 | Impact: 3.4

Affected Packages3 packages

CVEListV5oracle_corporation/mysql_server*8.0.36+1
NVDoracle/mysql8.0.08.0.36+1
Debianmariadb/mariadb< 1:10.11.11-0+deb12u1+2

Also affects: Debian Linux 11.0, Fedora 39, 40

🔴Vulnerability Details

3
GHSA
GHSA-3vx9-2ch5-m6r6: Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump)2024-04-17
OSV
CVE-2024-21096: Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump)2024-04-16
CVEList
CVE-2024-21096: Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump)2024-04-16

📋Vendor Advisories

7
Red Hat
postgresql: PostgreSQL code execution in restore operation2025-08-14
Ubuntu
MariaDB vulnerability2024-06-19
Ubuntu
MySQL vulnerabilities2024-06-11
Red Hat
mysql: Client: mysqldump unspecified vulnerability (CPU Apr 2024)2024-04-16
Oracle
Oracle Oracle MySQL Risk Matrix: Client: mysqldump — CVE-2024-210962024-04-15
CVE-2024-21096 — Corporation Mysql Server vulnerability | cvebase