{"schema_version": "1.6.1", "id": "CVE-2022-45347", "summary": "MySQL authentication bypass", "details": "Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn't cleanup the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in Apache ShardingSphere 5.3.0.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}, {"fixed": "5.3.0"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/l5rz7j4rg10o7ywtgknh2f5hxnv6yw3l"}]}