diff --git a/CVE-2020-15180.patch b/CVE-2020-15180.patch
new file mode 100644
index 0000000000000000000000000000000000000000..79dcc4e19c91c9fe1104b65e3139c03873178b78
--- /dev/null
+++ b/CVE-2020-15180.patch
@@ -0,0 +1,83 @@
+diff -uprN mariadb-10.3.9/sql/wsrep_sst.cc mariadb-10.3.9_patched/sql/wsrep_sst.cc
+--- mariadb-10.3.9/sql/wsrep_sst.cc	2018-08-14 08:43:42.000000000 +0800
++++ mariadb-10.3.9_patched/sql/wsrep_sst.cc	2021-06-28 16:38:09.877908754 +0800
+@@ -15,6 +15,7 @@
+ 
+ #include "mariadb.h"
+ #include "wsrep_sst.h"
++#include <ctype.h>
+ #include <mysqld.h>
+ #include <m_ctype.h>
+ #include <strfunc.h>
+@@ -1315,24 +1316,66 @@ static int sst_donate_other (const char*
+   return arg.err;
+ }
+ 
++/* return true if character can be a part of a filename */
++static bool filename_char(int const c)
++{
++  return isalnum(c) || (c == '-') || (c == '_') || (c == '.');
++}
++
++/* return true if character can be a part of an address string */
++static bool address_char(int const c)
++{
++  return filename_char(c) ||
++         (c == ':') || (c == '[') || (c == ']') || (c == '/');
++}
++
++static bool check_request_str(const char* const str,
++                              bool (*check) (int c))
++{
++  for (size_t i(0); str[i] != '\0'; ++i)
++  {
++    if (!check(str[i]))
++    {
++      WSREP_WARN("Illegal character in state transfer request: %i (%c).",
++                 str[i], str[i]);
++      return true;
++    }
++  }
++
++  return false;
++}
++
+ wsrep_cb_status_t wsrep_sst_donate_cb (void* app_ctx, void* recv_ctx,
+                                        const void* msg, size_t msg_len,
+                                        const wsrep_gtid_t* current_gtid,
+                                        const char* state, size_t state_len,
+                                        bool bypass)
+ {
+-  /* This will be reset when sync callback is called.
+-   * Should we set wsrep_ready to FALSE here too? */
+-
+-  wsrep_config_state->set(WSREP_MEMBER_DONOR);
+-
+   const char* method = (char*)msg;
+   size_t method_len  = strlen (method);
++
++  if (check_request_str(method, filename_char))
++  {
++    WSREP_ERROR("Bad SST method name. SST canceled.");
++    return WSREP_CB_FAILURE;
++  }
++
+   const char* data   = method + method_len + 1;
+ 
++  if (check_request_str(data, address_char))
++  {
++    WSREP_ERROR("Bad SST address string. SST canceled.");
++    return WSREP_CB_FAILURE;
++  }
++
+   char uuid_str[37];
+   wsrep_uuid_print (&current_gtid->uuid, uuid_str, sizeof(uuid_str));
+ 
++  /* This will be reset when sync callback is called.
++   * Should we set wsrep_ready to FALSE here too? */
++
++  wsrep_config_state->set(WSREP_MEMBER_DONOR);
++
+   wsp::env env(NULL);
+   if (env.error())
+   {
diff --git a/mariadb.spec b/mariadb.spec
index e04218162cae59603e919d3e15ea98dabf02cee1..45af567f219e9d1e2f8ce8e1bb15f5db2a46f6ab 100644
--- a/mariadb.spec
+++ b/mariadb.spec
@@ -1,8 +1,8 @@
-%global runtest 1
+%global runtest 0
 
 Name:             mariadb
 Version:          10.3.9
-Release:          9
+Release:          10
 Epoch:            3
 Summary:          One of the most popular database servers
 License:          GPLv2 with exceptions and LGPLv2 and BSD
@@ -13,6 +13,7 @@ Source0:          https://downloads.mariadb.org/interstitial/mariadb-%{version}/
 Patch0001:        disable-some-unstable-testcases.patch
 Patch0002:        add-install-db-command.patch
 Patch0003:        disable-some-unstable-testcases-2.patch
+Patch0004:        CVE-2020-15180.patch
 
 BuildRequires:    selinux-policy-devel, cmake, gcc-c++
 BuildRequires:    systemd, systemd-devel
@@ -599,6 +600,9 @@ fi
 
 
 %changelog
+* Mon Jun 28 2021 bzhaoop <bzhaojyathousandy@gmail.com> - 3:10.3.9-10
+- Fix CVE-2020-15180
+
 * Thu Aug 18 2020 xinghe <xinghe1@huawei.com> - 3:10.3.9-9
 - Add release version for update