MySQL Connector/J before version 5.1.44 and 6.x is vulnerable to memory leak. When using cached server-side prepared statements, a memory leak occurred as references to opened statements were being kept while the statements were being decached; it happened when either the close() method has been called twice on a statement, or when there were conflicting cache entries for a statement and the older entry had not been closed and removed from the opened statement list.
HIGH Vulnerable Package issue exists @ mysql:mysql-connector-java in branch master
Description
MySQL Connector/J before version 5.1.44 and 6.x is vulnerable to memory leak. When using cached server-side prepared statements, a memory leak occurred as references to opened statements were being kept while the statements were being decached; it happened when either the close() method has been called twice on a statement, or when there were conflicting cache entries for a statement and the older entry had not been closed and removed from the opened statement list.
HIGH Vulnerable Package issue exists @ mysql:mysql-connector-java in branch master
Vulnerability ID: Cx6f651376-312a
Package Name: mysql:mysql-connector-java
Severity: HIGH
CVSS Score: 7.5
Publish Date: 2017-08-14T23:00:00
Current Package Version: 5.1.26
Remediation Upgrade Recommendation: 8.0.20
Link To SCA