search

veracode-repository-ruleset / verademo-java-maven

verademo-java-maven
0 stars 0 forks source link

CVE: 2017-3589 found in mysql-connector-java - Version: 5.1.35 [JAVA] #33

Open github-actions[bot] opened 11 months ago

github-actions[bot] commented 11 months ago

Veracode Software Composition Analysis

Attribute Details
Library mysql-connector-java
Description MySQL java connector
Language JAVA
Vulnerability Database Overwrite
Vulnerability description mysql-connector-java is vulnerable to database overwrite. The library does not clear the cache of preparedstatements after there has been a catalog change, allowing a malicious user to use cached prepared SQL statements against a new catalog.
CVE 2017-3589
CVSS score 2.1
Vulnerability present in version/s 5.1.1-5.1.41
Found library version/s 5.1.35
Vulnerability fixed in version 5.1.42
Library latest version 8.0.33
Fix

Links:

github-actions[bot] commented 9 months ago

Veracode issue link to PR: https://github.com/veracode-repository-ruleset/verademo-java-maven/pull/54