You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@spark.apache.org by "Bjørn Jørgensen (Jira)" <ji...@apache.org> on 2022/06/21 08:33:00 UTC
[jira] [Created] (SPARK-39540) Upgrade mysql-connector-java to 8.0.28
Bjørn Jørgensen created SPARK-39540:
---------------------------------------
Summary: Upgrade mysql-connector-java to 8.0.28
Key: SPARK-39540
URL: https://issues.apache.org/jira/browse/SPARK-39540
Project: Spark
Issue Type: Bug
Components: Build
Affects Versions: 3.4.0
Reporter: Bjørn Jørgensen
Improper Handling of Insufficient Permissions or Privileges in MySQL Connectors Java.
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
[CVE-2022-21363|https://nvd.nist.gov/vuln/detail/CVE-2022-21363]
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org