Homepage

mysql-connector-python@9.2.0 vulnerabilities

A self-contained Python driver for communicating with MySQL servers, using an API that is compliant with the Python Database API Specification v2.0 (PEP 249).

  • latest version

    9.5.0

  • latest non vulnerable version

    9.5.0

  • first published

    8 years ago

  • latest version published

    1 months ago

  • licenses detected

  • View mysql-connector-python package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the mysql-connector-python package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Arbitrary File Read

    mysql-connector-python is a MySQL driver written in Python which does not depend on MySQL C client libraries and implements the DB API v2.0 specification (PEP-249).

    Affected versions of this package are vulnerable to Arbitrary File Read when executing LOCAL INFILE statements due to improper validation of the filename field. An attacker could access critical data by exploiting this vulnerability.

    How to fix Arbitrary File Read?

    Upgrade mysql-connector-python to version 9.3.0 or higher.

    [,9.3.0)
    Go back to all versions of this package