mysql-connector-python@8.0.5 vulnerabilities

A self-contained Python driver for communicating with MySQL servers, using an API that is compliant with the Python Database API Specification v2.0 (PEP 249).

latest version

9.1.0
latest non vulnerable version

9.1.0
first published

7 years ago
latest version published

a month ago
licenses detected
- GPL-2.0
  [0,)
View mysql-connector-python package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the mysql-connector-python package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M SQL Injection mysql-connector-python is a MySQL driver written in Python which does not depend on MySQL C client libraries and implements the DB API v2.0 specification (PEP-249). Affected versions of this package are vulnerable to SQL Injection due to improper sanitization of schema and table names. How to fix SQL Injection? Upgrade `mysql-connector-python` to version 8.0.11 or higher.	[,8.0.11)
H Access Control Bypass mysql-connector-python is a MySQL driver written in Python which does not depend on MySQL C client libraries and implements the DB API v2.0 specification (PEP-249). Affected versions of this package are vulnerable to Access Control Bypass via multiple protocols. An attacker can take over the MySQL Connectors by exploiting network access with low privileges. How to fix Access Control Bypass? Upgrade `mysql-connector-python` to version 9.1.0 or higher.	[,9.1.0)
H Denial of Service (DoS) mysql-connector-python is a MySQL driver written in Python which does not depend on MySQL C client libraries and implements the DB API v2.0 specification (PEP-249). Affected versions of this package are vulnerable to Denial of Service (DoS) allowing an unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. How to fix Denial of Service (DoS)? Upgrade `mysql-connector-python` to version 8.4.0 or higher.	[,8.4.0)
H Improper Access Control mysql-connector-python is a MySQL driver written in Python which does not depend on MySQL C client libraries and implements the DB API v2.0 specification (PEP-249). Affected versions of this package are vulnerable to Improper Access Control. An unauthenticated attacker with network access via TLS could compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. It could result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized access to critical data or complete access to all MySQL Connectors accessible data. How to fix Improper Access Control? Upgrade `mysql-connector-python` to version 8.0.14 or higher.	[,8.0.14)

Go back to all versions of this package

mysql-connector-python@8.0.5 vulnerabilities

A self-contained Python driver for communicating with MySQL servers, using an API that is compliant with the Python Database API Specification v2.0 (PEP 249).

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities