beniisan / JavaVulnLab_Cx

GNU General Public License v2.0
0 stars 0 forks source link

CX: Cx039cb67c-ead3 in Maven-mysql:mysql-connector-java and 5.1.26 @ JavaVulnLab_Cx.${basename #20

Open github-actions[bot] opened 3 years ago

github-actions[bot] commented 3 years ago

Description

MySQL Connector/J before 5.1.37 is vulnerable to Memory Leak. The method methodCompressedInputStream.getNextPacketFromServer() of src/com/mysq/jdbc/CompressedInputStream.java has high memory and garbage collection usage caused by the consecutive instantiation of a new inflater.

HIGH Vulnerable Package issue exists @ mysql:mysql-connector-java in branch ${basename

Vulnerability ID: Cx039cb67c-ead3

Package Name: mysql:mysql-connector-java

Severity: HIGH

CVSS Score: 7.5

Publish Date: 2015-08-16T23:00:00

Current Package Version: 5.1.26

Remediation Upgrade Recommendation: 8.0.20

Link To SCA

github-actions[bot] commented 3 years ago

Issue still exists.