CVE: 2020-2933 found in MySQL Connector/J - Version: 5.1.35 [JAVA] #841
Description
Veracode Software Composition Analysis
| Attribute | Details |
|---|---|
| Library | MySQL Connector/J |
| Description | JDBC Type 4 driver for MySQL |
| Language | JAVA |
| Vulnerability | Denial Of Service (DoS) |
| Vulnerability description | mysql-connector-java is vulnerable to denial of service. When working with a load balancing setup, if the connection property loadBalanceStrategy was set to bestResponseTime and connections to all the hosts in the original setup failed, a denial of service condition will occur in Connector/J, even if newly-added hosts are available. |
| CVE | 2020-2933 |
| CVSS score | 3.5 |
| Vulnerability present in version/s | 5.1.6-5.1.48 |
| Found library version/s | 5.1.35 |
| Vulnerability fixed in version | 5.1.49 |
| Library latest version | 8.0.30 |
| Fix |
Links: