{ "affected": [ { "ecosystem_specific": {}, "package": { "ecosystem": "Alpine:v3.20", "name": "mariadb", "purl": "pkg:apk/alpine/mariadb?arch=source" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "10.11.17-r0" } ], "type": "ECOSYSTEM" } ] }, { "ecosystem_specific": {}, "package": { "ecosystem": "Alpine:v3.21", "name": "mariadb", "purl": "pkg:apk/alpine/mariadb?arch=source" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "11.4.11-r0" } ], "type": "ECOSYSTEM" } ] }, { "ecosystem_specific": {}, "package": { "ecosystem": "Alpine:v3.22", "name": "mariadb", "purl": "pkg:apk/alpine/mariadb?arch=source" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "11.4.11-r0" } ], "type": "ECOSYSTEM" } ] }, { "ecosystem_specific": {}, "package": { "ecosystem": "Alpine:v3.23", "name": "mariadb", "purl": "pkg:apk/alpine/mariadb?arch=source" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "11.4.11-r0" } ], "type": "ECOSYSTEM" } ] }, { "ecosystem_specific": {}, "package": { "ecosystem": "Alpine:v3.24", "name": "mariadb", "purl": "pkg:apk/alpine/mariadb?arch=source" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "11.8.7-r0" } ], "type": "ECOSYSTEM" } ] } ], "details": "MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysql_real_escape_string() and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections, even though mysql_real_escape_string() was supposed to prevent them. This issue has been patched in versions 3.3.19 and 3.4.9.", "id": "ALPINE-CVE-2026-44172", "modified": "2026-06-17T17:18:15.948676852Z", "published": "2026-06-12T18:16:34.123Z", "references": [ { "type": "ADVISORY", "url": "https://security.alpinelinux.org/vuln/CVE-2026-44172" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ], "upstream": [ "CVE-2026-44172" ] }