mysql:mysql-connector-java@8.0.25 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the mysql:mysql-connector-java package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • [M] Improper Authorization

mysql:mysql-connector-java provides connectivity for client applications developed in the Java programming language with MySQL Connector/J, a driver that implements the Java Database Connectivity (JDBC) API.

Affected versions of this package are vulnerable to Improper Authorization via the MysqlSQLXML::getSource() function. A malicious actor with high privileges can access all of the MySQL connector's accessible data and crash the connectors.

How to fix Improper Authorization?

Upgrade mysql:mysql-connector-java to version 8.0.28 or higher.

Vulnerable versions: [,8.0.28)
  • [M] XML External Entity (XXE) Injection

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the getSource() method, due to a missing check for external entities.

How to fix XML External Entity (XXE) Injection?

Upgrade mysql:mysql-connector-java to version 8.0.27 or higher.

Vulnerable versions: [,8.0.27)