You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@spark.apache.org by "Dongjoon Hyun (Jira)" <ji...@apache.org> on 2022/06/22 00:51:00 UTC

[jira] [Resolved] (SPARK-39540) Upgrade mysql-connector-java to 8.0.28

     [ https://issues.apache.org/jira/browse/SPARK-39540?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dongjoon Hyun resolved SPARK-39540.
-----------------------------------
    Fix Version/s: 3.4.0
       Resolution: Fixed

Issue resolved by pull request 36938
[https://github.com/apache/spark/pull/36938]

> Upgrade mysql-connector-java to 8.0.28
> --------------------------------------
>
>                 Key: SPARK-39540
>                 URL: https://issues.apache.org/jira/browse/SPARK-39540
>             Project: Spark
>          Issue Type: Bug
>          Components: Build
>    Affects Versions: 3.4.0
>            Reporter: Bjørn Jørgensen
>            Assignee: Bjørn Jørgensen
>            Priority: Major
>             Fix For: 3.4.0
>
>
> Improper Handling of Insufficient Permissions or Privileges in MySQL Connectors Java.
> Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
> [CVE-2022-21363|https://nvd.nist.gov/vuln/detail/CVE-2022-21363] 



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org