CVE: 2017-3523 found in MySQL java connector - Version: 5.1.35 [JAVA]

[github-actions[bot]]

Veracode Software Composition Analysis

Attribute	Details
Library	MySQL java connector
Description	MySQL java connector
Language	JAVA
Vulnerability	Improper Automatic Deserialization
Vulnerability description	mysql-connector-java is vulnerable to deserialization attacks. The vulnerability exists as there is an improper automatic deserialization issue in the getNativeConvertToString function of ResultSetImpl.
CVE	2017-3523
CVSS score	6
Vulnerability present in version/s	5.1.1-5.1.40
Found library version/s	5.1.35
Vulnerability fixed in version	5.1.41
Library latest version	8.0.31
Fix

Links:

• https://sca.analysiscenter.veracode.com/vulnerability-database/libraries/1834?version=5.1.35
• https://sca.analysiscenter.veracode.com/vulnerability-database/vulnerabilities/3966
• Patch: https://github.com/mysql/mysql-connector-j/commit/6189e718de5b6c6115aee45dd7a480081c129d68

[github-actions[bot]]

Veracode issue link to PR: https://github.com/julz0815/test-action/pull/184