gwhittemore-veracode/Veracode-GW-Training-demo
CVE: 2017-3523 found in MySQL java connector - Version: 5.1.35 [JAVA]
#20
Open
github-actions[bot] opened 2 years ago
github-actions[bot] commented 2 years ago
Veracode Software Composition Analysis
| Attribute | Details |
| --- | --- |
| Library | MySQL java connector |
| Description | MySQL java connector |
| Language | JAVA |
| Vulnerability | Improper Automatic Deserialization |
| Vulnerability description | mysql-connector-java is vulnerable to deserialization attacks. The vulnerability exists as there is an improper automatic deserialization issue in the `getNativeConvertToString` function of `ResultSetImpl`. |
| CVE | 2017-3523 |
| CVSS score | 6 |
| Vulnerability present in version/s | 5.1.1-5.1.40 |
| Found library version/s | 5.1.35 |
| Vulnerability fixed in version | 5.1.41 |
| Library latest version | 8.0.30 |
Fix
Links:
https://sca.analysiscenter.veracode.com/vulnerability-database/libraries/1834?version=5.1.35
https://sca.analysiscenter.veracode.com/vulnerability-database/vulnerabilities/3966
Patch:
https://github.com/mysql/mysql-connector-j/commit/6189e718de5b6c6115aee45dd7a480081c129d68