Homepage

mysql-connector-python@9.1.0 vulnerabilities

A self-contained Python driver for communicating with MySQL servers, using an API that is compliant with the Python Database API Specification v2.0 (PEP 249).

  • latest version

    9.3.0

  • latest non vulnerable version

    9.3.0

  • first published

    7 years ago

  • latest version published

    4 days ago

  • licenses detected

  • View mysql-connector-python package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the mysql-connector-python package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Arbitrary File Read

    mysql-connector-python is a MySQL driver written in Python which does not depend on MySQL C client libraries and implements the DB API v2.0 specification (PEP-249).

    Affected versions of this package are vulnerable to Arbitrary File Read when executing LOCAL INFILE statements due to improper validation of the filename field. An attacker could access critical data by exploiting this vulnerability.

    How to fix Arbitrary File Read?

    Upgrade mysql-connector-python to version 9.3.0 or higher.

    [,9.3.0)
    Go back to all versions of this package