CVE: 2017-3589 found in MySQL java connector - Version: 5.1.35 [JAVA]

[github-actions[bot]]

Veracode Software Composition Analysis

Attribute	Details
Library	MySQL java connector
Description	MySQL java connector
Language	JAVA
Vulnerability	Database Overwrite
Vulnerability description	mysql-connector-java is vulnerable to database overwrite. The library does not clear the cache of preparedstatements after there has been a catalog change, allowing a malicious user to use cached prepared SQL statements against a new catalog.
CVE	2017-3589
CVSS score	2.1
Vulnerability present in version/s	5.1.1-5.1.41
Found library version/s	5.1.35
Vulnerability fixed in version	5.1.42
Library latest version	8.0.31
Fix

Links:

• https://sca.analysiscenter.veracode.com/vulnerability-database/libraries/1834?version=5.1.35
• https://sca.analysiscenter.veracode.com/vulnerability-database/vulnerabilities/4201
• Patch: https://github.com/mysql/mysql-connector-j/commit/44631dd316e3da818fb593f02dbbe30308a937e0

[github-actions[bot]]

Veracode issue link to PR: https://github.com/5l1D3R/Github-actions/pull/2