You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@spark.apache.org by "Bjørn Jørgensen (Jira)" <ji...@apache.org> on 2023/04/05 16:51:00 UTC

[jira] [Updated] (SPARK-39540) Upgrade mysql-connector-java to 8.0.29

     [ https://issues.apache.org/jira/browse/SPARK-39540?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bjørn Jørgensen updated SPARK-39540:
------------------------------------
    Issue Type: Dependency upgrade  (was: Bug)

> Upgrade mysql-connector-java to 8.0.29
> --------------------------------------
>
>                 Key: SPARK-39540
>                 URL: https://issues.apache.org/jira/browse/SPARK-39540
>             Project: Spark
>          Issue Type: Dependency upgrade
>          Components: Build
>    Affects Versions: 3.4.0
>            Reporter: Bjørn Jørgensen
>            Assignee: Bjørn Jørgensen
>            Priority: Major
>             Fix For: 3.4.0
>
>
> Improper Handling of Insufficient Permissions or Privileges in MySQL Connectors Java.
> Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
> [CVE-2022-21363|https://nvd.nist.gov/vuln/detail/CVE-2022-21363] 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org