gwhittemore-veracode / Veracode-GW-Training-demo
CVE: 2017-3586 found in mysql-connector-java - Version: 5.1.35 [JAVA]
#164 · Open · github-actions[bot] opened 1 year ago

github-actions[bot] commented 1 year ago
Veracode Software Composition Analysis
| Attribute | Details |
| --- | --- |
| Library | mysql-connector-java |
| Description | MySQL java connector |
| Language | JAVA |
| Vulnerability | Usable Expired Certificates |
| Vulnerability description | mysql-connector-java doesn't check the server's SSL certificate for an expiration date before it establishes the SSL connection. This would allow attackers to use an expired certificate to make requests to the server. |
| CVE | 2017-3586 |
| CVSS score | 5.5 |
| Vulnerability present in version/s | 5.1.21-5.1.41 |
| Found library version/s | 5.1.35 |
| Vulnerability fixed in version | 5.1.42 |
| Library latest version | 8.0.33 |
Fix
Links:
https://sca.analysiscenter.veracode.com/vulnerability-database/libraries/1834?version=5.1.35
https://sca.analysiscenter.veracode.com/vulnerability-database/vulnerabilities/3962
Patch:
https://github.com/mysql/mysql-connector-j/commit/aeba57264966b0fd329cdb8170ba772fd8fd4de2