CVE: 2022-21363 found in MySQL java connector - Version: 5.1.35 [JAVA]

[github-actions[bot]]

Veracode Software Composition Analysis

Attribute	Details
Library	MySQL java connector
Description	MySQL java connector
Language	JAVA
Vulnerability	Privilege Escalation
Vulnerability description	mysql-connector is vulnerable to privilege escalation. An attacker can exploit the vulnerability and takeover the MySQL Connectors.
CVE	2022-21363
CVSS score	6
Vulnerability present in version/s	5.1.29-8.0.27
Found library version/s	5.1.35
Vulnerability fixed in version	8.0.28
Library latest version	8.0.31
Fix

Links:

• https://sca.analysiscenter.veracode.com/vulnerability-database/libraries/1834?version=5.1.35
• https://sca.analysiscenter.veracode.com/vulnerability-database/vulnerabilities/35820
• Patch: https://github.com/mysql/mysql-connector-j/commit/4993d5735fd84a46e7d949ad1bcaa0e9bb039824

[github-actions[bot]]

Veracode issue link to PR: https://github.com/julz0815/test-action/pull/184