com.mysql:mysql-connector-j@8.1.0 vulnerabilities

latest version

9.2.0

first published

2 years ago

latest version published

2 months ago

licenses detected

GPL-2.0
[8.0.31,)

package registry

View on Maven Central Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the com.mysql:mysql-connector-j package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Incorrect Default Permissions Affected versions of this package are vulnerable to Incorrect Default Permissions. An attacker could achieve remote code execution and compromise MySQL Connectors by exploiting this vulnerability. How to fix Incorrect Default Permissions? A fix was pushed into the `master` branch but not yet published.	[0,)
H Access Control Bypass Affected versions of this package are vulnerable to Access Control Bypass. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products (scope change). Note: Successful attacks of this vulnerability can result in takeover of MySQL Connectors. How to fix Access Control Bypass? Upgrade `com.mysql:mysql-connector-j` to version 8.2.0 or higher.	[,8.2.0)

Incorrect Default Permissions

Affected versions of this package are vulnerable to Incorrect Default Permissions. An attacker could achieve remote code execution and compromise MySQL Connectors by exploiting this vulnerability.

How to fix Incorrect Default Permissions?

A fix was pushed into the master branch but not yet published.

[0,)

Access Control Bypass

Affected versions of this package are vulnerable to Access Control Bypass. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products (scope change).

Note:

Successful attacks of this vulnerability can result in takeover of MySQL Connectors.

How to fix Access Control Bypass?

Upgrade com.mysql:mysql-connector-j to version 8.2.0 or higher.

[,8.2.0)

Go back to all versions of this package