GHSA-w6f2-8wx4-47r5

Source

https://github.com/advisories/GHSA-w6f2-8wx4-47r5

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w6f2-8wx4-47r5/GHSA-w6f2-8wx4-47r5.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-w6f2-8wx4-47r5

Aliases

CVE-2021-2471

Published

2022-05-24T19:18:20Z

Modified

2023-11-01T04:54:44.729677Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H CVSS Calculator

Summary

Incorrect Authorization in MySQL Connector Java

Details

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).

References

Affected packages

Maven / mysql:mysql-connector-java

Package

Name: mysql:mysql-connector-java; View open source insights on deps.dev
Purl: pkg:maven/mysql/mysql-connector-java

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.0.0

Fixed

8.0.27

Affected versions

8.*

8.0.7-dmr

8.0.8-dmr

8.0.9-rc

8.0.11

8.0.12

8.0.13

8.0.14

8.0.15

8.0.16

8.0.17

8.0.18

8.0.19

8.0.20

8.0.21

8.0.22

8.0.23

8.0.24

8.0.25

8.0.26

Database specific

{
    "last_known_affected_version_range": "<= 8.0.26"
}