Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS13NmYyLTh3eDQtNDdyNc4AAqY0

Incorrect Authorization in MySQL Connector Java

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).

Permalink: https://github.com/advisories/GHSA-w6f2-8wx4-47r5
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13NmYyLTh3eDQtNDdyNc4AAqY0
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago

CVSS Score: 5.9
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H

Identifiers: GHSA-w6f2-8wx4-47r5, CVE-2021-2471
References:

• https://nvd.nist.gov/vuln/detail/CVE-2021-2471
• https://www.oracle.com/security-alerts/cpuapr2022.html
• https://www.oracle.com/security-alerts/cpuoct2021.html
• https://github.com/advisories/GHSA-w6f2-8wx4-47r5

Blast Radius: 33.9

Affected Packages