CVEs affecting projects tracked on Release Alert, from NVD & OSV.
CVE-2020-7221 — HIGH severity vulnerability | Release Alert
CVE-2020-7221
7.8
HIGHCVSS v3
Published
February 4, 2020
CVSS v2
7.2 HIGH
Affected
5 projects
Assigned by
MITRE
Severity scale
010
Description
mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently.
GitHubMariaDB server is a community developed fork of MySQL server. Started by core members of the original MySQL team, MariaDB actively works with outside developers to deliver the most featureful, stable, and sanely licensed open SQL server in the industry.
ChocolateyMariaDB is designed as a drop-in replacement of [MySQL](https://community.chocolatey.org/packages/mysql) with more features, new storage engines, fewer bugs, and better performance. MariaDB server is a community developed fork of MySQL server started by core members of the original MySQL team.
MariaDB strives to be the logical choice for database professionals looking for a robust, scalable, and reliable SQL server. To accomplish this, the MariaDB Foundation work closely and cooperatively with the larger community of users and developers in the true spirit of Free and open source software, and release software in a manner that balances predictability with reliability.
#### MariaDB comparison to MySQL
* [Features](https://mariadb.com/kb/en/mariadb/mariadb-vs-mysql-features/)
* [Compatibility](https://mariadb.com/kb/en/mariadb/mariadb-vs-mysql-compatibility/)
#### Community
* [Facebook](https://www.facebook.com/MariaDB.dbms)
* [Google+](https://plus.google.com/+mariadb)
* [Twitter](https://twitter.com/mariadb)
**Please Note**: This is an automatically updated package. If you find it is
out of date by more than a day or two, please contact the maintainer(s) and
let them know [here](https://github.com/mkevenaar/chocolatey-packages/issues) that the package is no longer updating correctly.