You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@spark.apache.org by "Bjørn Jørgensen (Jira)" <ji...@apache.org> on 2022/06/21 08:33:00 UTC

[jira] [Created] (SPARK-39540) Upgrade mysql-connector-java to 8.0.28

Bjørn Jørgensen created SPARK-39540:
---------------------------------------

             Summary: Upgrade mysql-connector-java to 8.0.28
                 Key: SPARK-39540
                 URL: https://issues.apache.org/jira/browse/SPARK-39540
             Project: Spark
          Issue Type: Bug
          Components: Build
    Affects Versions: 3.4.0
            Reporter: Bjørn Jørgensen


Improper Handling of Insufficient Permissions or Privileges in MySQL Connectors Java.

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

[CVE-2022-21363|https://nvd.nist.gov/vuln/detail/CVE-2022-21363] 



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org