{"id":"CVE-2021-27928","details":"A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.","aliases":["BIT-mariadb-2021-27928","BIT-mariadb-min-2021-27928","BIT-mysql-client-2021-27928"],"modified":"2026-04-12T03:27:46.999025Z","published":"2021-03-19T03:15:12.427Z","related":["ALSA-2021:1242","CGA-wfpv-gfr3-jprg","SUSE-RU-2023:3956-1","SUSE-RU-2023:4991-1","SUSE-SU-2021:2605-1","SUSE-SU-2021:2616-1","SUSE-SU-2021:2617-1","SUSE-SU-2021:2634-1","openSUSE-SU-2021:2605-1","openSUSE-SU-2021:2616-1","openSUSE-SU-2021:2617-1","openSUSE-SU-2024:11648-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"2021-03-03"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:galeracluster:wsrep:*:*:*:*:*:mysql:*:*"},{"extracted_events":[{"last_affected":"2021-03-03"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*"}]},"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html"},{"type":"ADVISORY","url":"https://mariadb.com/kb/en/mariadb-10237-release-notes/"},{"type":"ADVISORY","url":"https://mariadb.com/kb/en/mariadb-10328-release-notes/"},{"type":"ADVISORY","url":"https://mariadb.com/kb/en/mariadb-10418-release-notes/"},{"type":"ADVISORY","url":"https://mariadb.com/kb/en/mariadb-1059-release-notes/"},{"type":"ADVISORY","url":"https://mariadb.com/kb/en/security/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202105-28"},{"type":"REPORT","url":"https://jira.mariadb.org/browse/MDEV-25179"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mariadb/server","events":[{"introduced":"9664240c948a92c22ccda0e1f5a420eb776ddcb1"},{"fixed":"ce3a2a688db556d8d077a409fd9bf5cc013d13dd"},{"introduced":"20ae591abd0bfe1bfaee546989ee163f4ef832b1"},{"fixed":"0d55b020e16fb0ab88547a28a22cb58eaa7fb229"},{"introduced":"c761b43451d54eeeecdf3c102906fcce88d4e9d9"},{"fixed":"53123dfa3e365138591fd2f160c6057aca00a3e6"},{"introduced":"7c7f9bef28aa566557da31402142f6dd8298ddd2"},{"fixed":"3a8ca9096ea82ca61811450775511533d6cb1bb4"}],"database_specific":{"extracted_events":[{"introduced":"10.2"},{"fixed":"10.2.37"},{"introduced":"10.3"},{"fixed":"10.3.28"},{"introduced":"10.4"},{"fixed":"10.4.18"},{"introduced":"10.5"},{"fixed":"10.5.9"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*"}}],"versions":["mariadb-10.2.0","mariadb-10.2.1","mariadb-10.2.10","mariadb-10.2.11","mariadb-10.2.12","mariadb-10.2.13","mariadb-10.2.14","mariadb-10.2.15","mariadb-10.2.16","mariadb-10.2.18","mariadb-10.2.19","mariadb-10.2.2","mariadb-10.2.20","mariadb-10.2.21","mariadb-10.2.22","mariadb-10.2.23","mariadb-10.2.24","mariadb-10.2.25","mariadb-10.2.26","mariadb-10.2.27","mariadb-10.2.28","mariadb-10.2.29","mariadb-10.2.30","mariadb-10.2.31","mariadb-10.2.5","mariadb-10.3.0","mariadb-10.3.1","mariadb-10.3.10","mariadb-10.3.12","mariadb-10.3.16","mariadb-10.3.17","mariadb-10.3.18","mariadb-10.3.19","mariadb-10.3.2","mariadb-10.3.20","mariadb-10.3.21","mariadb-10.3.26","mariadb-10.3.4","mariadb-10.3.5","mariadb-10.3.6","mariadb-10.3.7","mariadb-10.4.10","mariadb-10.4.11","mariadb-10.4.3","mariadb-10.4.4","mariadb-10.4.5","mariadb-10.4.7","mariadb-10.4.9","mariadb-10.5.0","mariadb-10.5.2","mariadb-10.5.4"],"database_specific":{"vanir_signatures_modified":"2026-04-12T03:27:46Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-27928.json","vanir_signatures":[{"signature_type":"Line","source":"https://github.com/mariadb/server/commit/ce3a2a688db556d8d077a409fd9bf5cc013d13dd","id":"CVE-2021-27928-12557ed7","digest":{"line_hashes":["11425847502652849095417483971976726008","261028279744089143798832603799308744238","43178024023802145260950392730019310797","27426614060501693274586081300902699324","229288027330135542901329756108569736754","217226131754073329819203145638391009690","139208019122387927948352969887811226188","12732217612013947819634176605299937141"],"threshold":0.9},"signature_version":"v1","deprecated":false,"target":{"file":"sql/sys_vars.cc"}}]}},{"ranges":[{"type":"GIT","repo":"https://github.com/percona/percona-server","events":[{"introduced":"0"},{"last_affected":"6feb03ff8ed4663c03dd5553f77dd7e4bffbd950"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"9.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"}}],"versions":["Percona-Server-8.0.12-1.alpha","Percona-Server-8.0.13-4","Percona-Server-8.0.34-26","Percona-Server-8.1.0-1","Percona-Server-9.0.1-1","clone-5.1.0-build","clone-5.1.31-pv-0.2.0-build","clone-5.1.4-build","clone-5.4.0-build","clone-5.6.3-m5-build","clone-5.6.3-m6-build","mysql-3.23.22-beta","mysql-3.23.28-gamma","mysql-3.23.30-gamma","mysql-3.23.31","mysql-3.23.32","mysql-3.23.33","mysql-3.23.36","mysql-4.0.2","mysql-4.0.4","mysql-5.1.4","mysql_4.0","mysqlsummit-0.2.0","mysqlsummit-0.2.0-build","mysqlsummit-0.2.1","mysqlsummit-0.2.1-build"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-27928.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}