mysql:mysql-connector-java 5.1.14 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the mysql:mysql-connector-java package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Improper Authorization mysql:mysql-connector-java is a provides connectivity for client applications developed in the Java programming language with MySQL Connector/J, a driver that implements the Java Database Connectivity (JDBC) API. Affected versions of this package are vulnerable to Improper Authorization via the `MysqlSQLXML::getSource()` function. A malicious actor with high privileges can access all of the MySQL connector's accessible data and crash the connectors. How to fix Improper Authorization? Upgrade `mysql:mysql-connector-java` to version 8.0.28 or higher.	[,8.0.28)
M XML External Entity (XXE) Injection mysql:mysql-connector-java is a provides connectivity for client applications developed in the Java programming language with MySQL Connector/J, a driver that implements the Java Database Connectivity (JDBC) API. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the `getSource()` method, due to a missing check for external entities. How to fix XML External Entity (XXE) Injection? Upgrade `mysql:mysql-connector-java` to version 8.0.27 or higher.	[,8.0.27)
H Access Control Bypass mysql:mysql-connector-java provides connectivity for client applications developed in the Java programming language with MySQL Connector/J, a driver that implements the Java Database Connectivity (JDBC) API. Affected versions of this package are vulnerable to Access Control Bypass. A vulnerability in the `Connector/J` component allows low privileged attackers with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. How to fix Access Control Bypass? Upgrade `mysql:mysql-connector-java` to version 8.0.13 or higher.	[,8.0.13)
M SQL Injection mysql:mysql-connector-java provides connectivity for client applications developed in the Java programming language with MySQL Connector/J, a driver that implements the Java Database Connectivity (JDBC) API. Affected versions of this package are vulnerable to SQL Injection. Remote authenticated users may be allowed to read, update, insert or delete access to a subset of MySQL Connector accessible data. How to fix SQL Injection? Upgrade `mysql:mysql-connector-java` to version 5.1.35 or higher.	[,5.1.35)
M Privilege Escalation mysql:mysql-connector-java provides connectivity for client applications developed in the Java programming language with MySQL Connector/J, a driver that implements the Java Database Connectivity (JDBC) API. Affected versions of this package are vulnerable to Privilege Escalation. A user with high privileges who is logged onto the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. How to fix Privilege Escalation? Upgrade `mysql:mysql-connector-java` to version 8.0.16 or higher.	[,8.0.16)
M Arbitrary Code Execution `mysql:mysql-connector-java` provides connectivity for client applications developed in the Java programming language with MySQL Connector/J, a driver that implements the Java Database Connectivity (JDBC) API. Affected versions of the package are vulnerable to Arbitrary Code Execution. Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. How to fix Arbitrary Code Execution? Upgrade `mysql:mysql-connector-java` to version 5.1.42 or higher.	[,5.1.42)
H Improper Access Control `mysql:mysql-connector-java` Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.40 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Connectors.	[,5.1.41)
L Improper Access Control Vulnerability in the MySQL Connectors component of Oracle MySQL (`subcomponent: Connector/J`). The vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data.	[,5.1.42)

Vulnerability

Vulnerable Version

Improper Authorization

mysql:mysql-connector-java is a provides connectivity for client applications developed in the Java programming language with MySQL Connector/J, a driver that implements the Java Database Connectivity (JDBC) API.

Affected versions of this package are vulnerable to Improper Authorization via the MysqlSQLXML::getSource() function. A malicious actor with high privileges can access all of the MySQL connector's accessible data and crash the connectors.

How to fix Improper Authorization?

Upgrade mysql:mysql-connector-java to version 8.0.28 or higher.

[,8.0.28)

XML External Entity (XXE) Injection

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the getSource() method, due to a missing check for external entities.

How to fix XML External Entity (XXE) Injection?

Upgrade mysql:mysql-connector-java to version 8.0.27 or higher.

[,8.0.27)

Access Control Bypass

mysql:mysql-connector-java provides connectivity for client applications developed in the Java programming language with MySQL Connector/J, a driver that implements the Java Database Connectivity (JDBC) API.

Affected versions of this package are vulnerable to Access Control Bypass. A vulnerability in the Connector/J component allows low privileged attackers with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors.

How to fix Access Control Bypass?

Upgrade mysql:mysql-connector-java to version 8.0.13 or higher.

[,8.0.13)

SQL Injection

Affected versions of this package are vulnerable to SQL Injection. Remote authenticated users may be allowed to read, update, insert or delete access to a subset of MySQL Connector accessible data.

How to fix SQL Injection?

Upgrade mysql:mysql-connector-java to version 5.1.35 or higher.

[,5.1.35)

Privilege Escalation

Affected versions of this package are vulnerable to Privilege Escalation. A user with high privileges who is logged onto the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker.

How to fix Privilege Escalation?

Upgrade mysql:mysql-connector-java to version 8.0.16 or higher.

[,8.0.16)

Arbitrary Code Execution

mysql:mysql-connector-java provides connectivity for client applications developed in the Java programming language with MySQL Connector/J, a driver that implements the Java Database Connectivity (JDBC) API.

Affected versions of the package are vulnerable to Arbitrary Code Execution. Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data.

How to fix Arbitrary Code Execution?

Upgrade mysql:mysql-connector-java to version 5.1.42 or higher.

[,5.1.42)

Improper Access Control

mysql:mysql-connector-java Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.40 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Connectors.

[,5.1.41)

Improper Access Control

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). The vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data.

[,5.1.42)

mysql:mysql-connector-java@5.1.14 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities

How to fix?