Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE: 2017-3586 found in MySQL Connector/J - Version: 5.1.35 [JAVA] #847

Open
github-actions bot opened this issue Sep 24, 2022 · 0 comments
Open

CVE: 2017-3586 found in MySQL Connector/J - Version: 5.1.35 [JAVA] #847

github-actions bot opened this issue Sep 24, 2022 · 0 comments
Labels
Severity: Medium Medium severity Veracode Dependency Scanning A Veracode identified vulnerability

Comments

@github-actions
Copy link

Veracode Software Composition Analysis

Attribute Details
Library MySQL Connector/J
Description JDBC Type 4 driver for MySQL
Language JAVA
Vulnerability Usable Expired Certificates
Vulnerability description mysql-connector-java doesn't check the server's SSL certificate for an expiration date before it establishes the SSL connection. This would allow attackers to use an expired certificate to make requests to the server.
CVE 2017-3586
CVSS score 5.5
Vulnerability present in version/s 5.1.21-5.1.41
Found library version/s 5.1.35
Vulnerability fixed in version 5.1.42
Library latest version 8.0.30
Fix

Links:
@github-actions github-actions bot added Severity: Medium Medium severity Veracode Dependency Scanning A Veracode identified vulnerability labels Sep 24, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Severity: Medium Medium severity Veracode Dependency Scanning A Veracode identified vulnerability
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
0 participants