CVE: 2020-2933 found in MySQL java connector - Version: 5.1.35 [JAVA]

[github-actions[bot]]

Veracode Software Composition Analysis

Attribute	Details
Library	MySQL java connector
Description	MySQL java connector
Language	JAVA
Vulnerability	Denial Of Service (DoS)
Vulnerability description	mysql-connector-java is vulnerable to denial of service. When working with a load balancing setup, if the connection property loadBalanceStrategy was set to bestResponseTime and connections to all the hosts in the original setup failed, a denial of service condition will occur in Connector/J, even if newly-added hosts are available.
CVE	2020-2933
CVSS score	3.5
Vulnerability present in version/s	5.1.6-5.1.48
Found library version/s	5.1.35
Vulnerability fixed in version	5.1.49
Library latest version	8.0.31
Fix

Links:

• https://sca.analysiscenter.veracode.com/vulnerability-database/libraries/1834?version=5.1.35
• https://sca.analysiscenter.veracode.com/vulnerability-database/vulnerabilities/26741
• Patch: https://github.com/mysql/mysql-connector-j/commit/e824d25875e2fdfdacf8a09e8d829df00a3db8e7

[github-actions[bot]]

Veracode issue link to PR: https://github.com/5l1D3R/Github-actions/pull/2