Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0yY2YzLWcyNDMtaGhmeM4AASTB
MySQL Connectors Privilege Escalation
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 2.1.5 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
Permalink: https://github.com/advisories/GHSA-2cf3-g243-hhfxJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yY2YzLWcyNDMtaGhmeM4AASTB
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 2 years ago
Updated: 14 days ago
CVSS Score: 3.3
CVSS vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Identifiers: GHSA-2cf3-g243-hhfx, CVE-2017-3590
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-3590
- http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
- http://www.securityfocus.com/bid/97840
- http://www.securitytracker.com/id/1038287
- https://github.com/advisories/GHSA-2cf3-g243-hhfx
Affected Packages
pypi:mysql-connector-python
Dependent packages: 305Dependent repositories: 14,842
Downloads: 19,661,301 last month
Affected Version Ranges: <= 2.1.5
No known fixed version
All affected versions: 1.0.5, 1.0.7, 1.0.9, 1.0.10, 1.0.12, 1.1.4, 1.1.5, 1.1.6, 1.2.2, 1.2.3, 2.0.1, 2.0.2, 2.0.3, 2.0.4