CVE-2023-29194
Improper handling of keyspaces in vitess.io/vitess
4.1
MEDIUM
CVSS 3.1
EPSS 0.47%
Description
Users can create a keyspace containing '/'. Future attempts to view keyspaces from some tools (including VTAdmin and "vtctldclient GetKeyspaces") receive an error.
How to fix CVE-2023-29194
To remediate CVE-2023-29194, upgrade the affected package to a fixed version below.
- Go/vitess.io/vitess—upgrade to 0.16.1 or later
- —upgrade to 0.16.1 or later
Is CVE-2023-29194 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.16.1
- from 0, < 0.16.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.1 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L |