CVE: 2017-3523 found in MySQL Connector/J - Version: 5.1.35 [JAVA] #839
Description
Veracode Software Composition Analysis
| Attribute | Details |
|---|---|
| Library | MySQL Connector/J |
| Description | JDBC Type 4 driver for MySQL |
| Language | JAVA |
| Vulnerability | Improper Automatic Deserialization |
| Vulnerability description | mysql-connector-java is vulnerable to deserialization attacks. The vulnerability exists as there is an improper automatic deserialization issue in the getNativeConvertToString function of ResultSetImpl. |
| CVE | 2017-3523 |
| CVSS score | 6 |
| Vulnerability present in version/s | 5.1.1-5.1.40 |
| Found library version/s | 5.1.35 |
| Vulnerability fixed in version | 5.1.41 |
| Library latest version | 8.0.30 |
| Fix |
Links: