CVE: 2017-3586 found in mysql-connector-java - Version: 5.1.35 [JAVA]

[github-actions[bot]]

Veracode Software Composition Analysis

Attribute	Details
Library	mysql-connector-java
Description	MySQL java connector
Language	JAVA
Vulnerability	Usable Expired Certificates
Vulnerability description	mysql-connector-java doesn't check the server's SSL certificate for an expiration date before it establishes the SSL connection. This would allow attackers to use an expired certificate to make requests to the server.
CVE	2017-3586
CVSS score	5.5
Vulnerability present in version/s	5.1.21-5.1.41
Found library version/s	5.1.35
Vulnerability fixed in version	5.1.42
Library latest version	8.0.33
Fix

Links:

• https://sca.analysiscenter.veracode.com/vulnerability-database/libraries/1834?version=5.1.35
• https://sca.analysiscenter.veracode.com/vulnerability-database/vulnerabilities/3962
• Patch: https://github.com/mysql/mysql-connector-j/commit/aeba57264966b0fd329cdb8170ba772fd8fd4de2

[github-actions[bot]]

Veracode issue link to PR: https://github.com/veracode-repository-ruleset/verademo-java-maven/pull/54