search

veracode-repository-ruleset / verademo-java-maven

verademo-java-maven
0 stars 0 forks source link

CVE: 2020-2933 found in mysql-connector-java - Version: 5.1.35 [JAVA] #35

Open github-actions[bot] opened 11 months ago

github-actions[bot] commented 11 months ago

Veracode Software Composition Analysis

Attribute Details
Library mysql-connector-java
Description MySQL java connector
Language JAVA
Vulnerability Denial Of Service (DoS)
Vulnerability description mysql-connector-java is vulnerable to denial of service. When working with a load balancing setup, if the connection property loadBalanceStrategy was set to bestResponseTime and connections to all the hosts in the original setup failed, a denial of service condition will occur in Connector/J, even if newly-added hosts are available.
CVE 2020-2933
CVSS score 3.5
Vulnerability present in version/s 5.1.6-5.1.48
Found library version/s 5.1.35
Vulnerability fixed in version 5.1.49
Library latest version 8.0.33
Fix

Links:

github-actions[bot] commented 9 months ago

Veracode issue link to PR: https://github.com/veracode-repository-ruleset/verademo-java-maven/pull/54