issues
search
gwhittemore-veracode
/
Veracode-GW-Training-demo
1
stars
0
forks
source link
CVE: 2017-3586 found in MySQL Connector/J - Version: 5.1.35 [JAVA]
#162
Open
github-actions[bot]
opened
2 years ago
github-actions[bot]
commented
2 years ago
Veracode Software Composition Analysis
Attribute
Details
Library
MySQL Connector/J
Description
JDBC Type 4 driver for MySQL
Language
JAVA
Vulnerability
Usable Expired Certificates
Vulnerability description
mysql-connector-java doesn't check the server's SSL certificate for an expiration date before it establishes the SSL connection. This would allow attackers to use an expired certificate to make requests to the server.
CVE
2017-3586
CVSS score
5.5
Vulnerability present in version/s
5.1.21-5.1.41
Found library version/s
5.1.35
Vulnerability fixed in version
5.1.42
Library latest version
8.0.30
Fix
Links:
https://sca.analysiscenter.veracode.com/vulnerability-database/libraries/1834?version=5.1.35
https://sca.analysiscenter.veracode.com/vulnerability-database/vulnerabilities/3962
Patch:
https://github.com/mysql/mysql-connector-j/commit/aeba57264966b0fd329cdb8170ba772fd8fd4de2
Veracode Software Composition Analysis
Links: