issues
search
gwhittemore-veracode
/
Veracode-GW-Training-demo
1
stars
0
forks
source link
CVE: 2017-3589 found in MySQL Connector/J - Version: 5.1.35 [JAVA]
#161
Open
github-actions[bot]
opened
2 years ago
github-actions[bot]
commented
2 years ago
Veracode Software Composition Analysis
Attribute
Details
Library
MySQL Connector/J
Description
JDBC Type 4 driver for MySQL
Language
JAVA
Vulnerability
Database Overwrite
Vulnerability description
mysql-connector-java is vulnerable to database overwrite. The library does not clear the cache of preparedstatements after there has been a catalog change, allowing a malicious user to use cached prepared SQL statements against a new catalog.
CVE
2017-3589
CVSS score
2.1
Vulnerability present in version/s
5.1.1-5.1.41
Found library version/s
5.1.35
Vulnerability fixed in version
5.1.42
Library latest version
8.0.30
Fix
Links:
https://sca.analysiscenter.veracode.com/vulnerability-database/libraries/1834?version=5.1.35
https://sca.analysiscenter.veracode.com/vulnerability-database/vulnerabilities/4201
Patch:
https://github.com/mysql/mysql-connector-j/commit/44631dd316e3da818fb593f02dbbe30308a937e0
Veracode Software Composition Analysis
Links: