com.mysql:mysql-connector-j@8.0.31 vulnerabilities

  • latest version

    9.1.0

  • latest non vulnerable version

  • first published

    2 years ago

  • latest version published

    2 months ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the com.mysql:mysql-connector-j package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Access Control Bypass

    Affected versions of this package are vulnerable to Access Control Bypass. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products (scope change).

    Note:

    Successful attacks of this vulnerability can result in takeover of MySQL Connectors.

    How to fix Access Control Bypass?

    Upgrade com.mysql:mysql-connector-j to version 8.2.0 or higher.

    [,8.2.0)
    • M
    Remote Code Execution (RCE)

    Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to insufficient checks in the java.sql.DriverManager.getConnection() method when used with untrusted inputs.

    How to fix Remote Code Execution (RCE)?

    Upgrade com.mysql:mysql-connector-j to version 8.0.33 or higher.

    [,8.0.33)