Vitess maintainers have confirmed a serious path traversal vulnerability in the project’s backup restore path that allows anyone with write access to backup storage to cause a restore operation to write files to arbitrary locations on the host where Vitess runs — a risk that can lead to data...
Vitess operators and cloud teams must treat their backups like a live attack surface: a recently disclosed vulnerability shows that anyone with read/write access to backup storage can weaponize manifest metadata to execute arbitrary commands during restore and gain unauthorized access to...
