Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS13NmYyLTh3eDQtNDdyNc4AAqY0

Incorrect Authorization in MySQL Connector Java

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).

Permalink: https://github.com/advisories/GHSA-w6f2-8wx4-47r5
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13NmYyLTh3eDQtNDdyNc4AAqY0
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: almost 2 years ago


CVSS Score: 5.9
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H

EPSS Percentage: 0.00063
EPSS Percentile: 0.28519

Identifiers: GHSA-w6f2-8wx4-47r5, CVE-2021-2471
References: Blast Radius: 33.9

Affected Packages

maven:mysql:mysql-connector-java
Dependent packages: 6,378
Dependent repositories: 562,953
Downloads:
Affected Version Ranges: >= 8.0.0, <= 8.0.26
Fixed in: 8.0.27
All affected versions: 8.0.11, 8.0.12, 8.0.13, 8.0.14, 8.0.15, 8.0.16, 8.0.17, 8.0.18, 8.0.19, 8.0.20, 8.0.21, 8.0.22, 8.0.23, 8.0.24, 8.0.25, 8.0.26
All unaffected versions: 2.0.14, 3.0.8, 3.0.10, 3.1.11, 3.1.12, 3.1.13, 3.1.14, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.7, 5.0.8, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.8, 5.1.9, 5.1.10, 5.1.11, 5.1.12, 5.1.13, 5.1.14, 5.1.15, 5.1.16, 5.1.17, 5.1.18, 5.1.19, 5.1.20, 5.1.21, 5.1.22, 5.1.23, 5.1.24, 5.1.25, 5.1.26, 5.1.27, 5.1.28, 5.1.29, 5.1.30, 5.1.31, 5.1.32, 5.1.33, 5.1.34, 5.1.35, 5.1.36, 5.1.37, 5.1.38, 5.1.39, 5.1.40, 5.1.41, 5.1.42, 5.1.43, 5.1.44, 5.1.45, 5.1.46, 5.1.47, 5.1.48, 5.1.49, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 8.0.27, 8.0.28, 8.0.29, 8.0.30, 8.0.31, 8.0.32, 8.0.33