mysql:mysql-connector-java 8.0.14 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the mysql:mysql-connector-java package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Improper Authorization mysql:mysql-connector-java is a provides connectivity for client applications developed in the Java programming language with MySQL Connector/J, a driver that implements the Java Database Connectivity (JDBC) API. Affected versions of this package are vulnerable to Improper Authorization via the `MysqlSQLXML::getSource()` function. A malicious actor with high privileges can access all of the MySQL connector's accessible data and crash the connectors. How to fix Improper Authorization? Upgrade `mysql:mysql-connector-java` to version 8.0.28 or higher.	[,8.0.28)
M XML External Entity (XXE) Injection mysql:mysql-connector-java is a provides connectivity for client applications developed in the Java programming language with MySQL Connector/J, a driver that implements the Java Database Connectivity (JDBC) API. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the `getSource()` method, due to a missing check for external entities. How to fix XML External Entity (XXE) Injection? Upgrade `mysql:mysql-connector-java` to version 8.0.27 or higher.	[,8.0.27)
M Privilege Escalation mysql:mysql-connector-java provides connectivity for client applications developed in the Java programming language with MySQL Connector/J, a driver that implements the Java Database Connectivity (JDBC) API. Affected versions of this package are vulnerable to Privilege Escalation. A user with high privileges who is logged onto the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. How to fix Privilege Escalation? Upgrade `mysql:mysql-connector-java` to version 8.0.16 or higher.	[,8.0.16)

Vulnerability

Vulnerable Version

Improper Authorization

mysql:mysql-connector-java is a provides connectivity for client applications developed in the Java programming language with MySQL Connector/J, a driver that implements the Java Database Connectivity (JDBC) API.

Affected versions of this package are vulnerable to Improper Authorization via the MysqlSQLXML::getSource() function. A malicious actor with high privileges can access all of the MySQL connector's accessible data and crash the connectors.

How to fix Improper Authorization?

Upgrade mysql:mysql-connector-java to version 8.0.28 or higher.

[,8.0.28)

XML External Entity (XXE) Injection

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the getSource() method, due to a missing check for external entities.

How to fix XML External Entity (XXE) Injection?

Upgrade mysql:mysql-connector-java to version 8.0.27 or higher.

[,8.0.27)

Privilege Escalation

mysql:mysql-connector-java provides connectivity for client applications developed in the Java programming language with MySQL Connector/J, a driver that implements the Java Database Connectivity (JDBC) API.

Affected versions of this package are vulnerable to Privilege Escalation. A user with high privileges who is logged onto the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker.

How to fix Privilege Escalation?

Upgrade mysql:mysql-connector-java to version 8.0.16 or higher.

[,8.0.16)

mysql:mysql-connector-java@8.0.14 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities

How to fix?