[Snyk] Security upgrade mysql:mysql-connector-java from 5.1.26 to 8.0.27 #9

Closed
msant262 wants to merge 1 commit into main from snyk-fix-44ec078b98d46e2dc045919f79554a84

@msant262

Snyk has created this PR to fix 1 vulnerability in the maven dependencies of this project.

Snyk changed the following file(s):

  • pom.xml

Vulnerabilities that will be fixed with an upgrade:

| Issue | Score | Upgrade |
|---|---|---|
| medium severity: XML External Entity (XXE) Injection, SNYK-JAVA-MYSQL-1766958 | 418 | mysql:mysql-connector-java: 5.1.26 -> 8.0.27 (Major version upgrade, No Path Found, Proof of Concept) |

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-MYSQL-1766958

@msant262 (Author)

msant262 commented May 29, 2025

Snyk checks have failed. 4 issues have been found so far.

| Severity | Issues |
|---|---|
| Critical | 0 |
| High | 3 |
| Medium | 1 |
| Low | 0 |

security/snyk check is complete. 4 issues have been found. (View Details)

license/snyk check is complete. No issues have been found. (View Details)

@Edunova8 (Contributor)

Checkmarx One – Scan Summary & Details a759dab5-d1e1-4ff1-84b7-799024e676ff

New Issues (5)

Checkmarx found the following issues in this Pull Request

| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
| HIGH | CVE-2022-3171 | Maven-com.google.protobuf:protobuf-java-3.11.4 | Recommended version: 3.25.5. Description: A parsing issue with binary data in protobuf-java core and lite versions prior to 3.16.3, 3.17.0-rc-1 prior to 3.19.6, 3.20.0-rc-1 prior to 3.20.3 ... Attack Vector: NETWORK. Attack Complexity: LOW. ID: EMx5TR0oPG%2FbEFchgtoJcRmMbnyBfxfEOxE%2BMvqCkuc%3D |
| HIGH | CVE-2022-3509 | Maven-com.google.protobuf:protobuf-java-3.11.4 | Recommended version: 3.25.5. Description: A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.16.3, 3.17.x prior to 3.19.6, 3.20... Attack Vector: NETWORK. Attack Complexity: LOW. ID: CUCQtSm2n4XPA0g1E58wOiCaujb%2FoN7qd5WvbUJbhQo%3D |
| HIGH | CVE-2022-3510 | Maven-com.google.protobuf:protobuf-java-3.11.4 | Recommended version: 3.25.5. Description: A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions through 3.16.2, 3.17.0-rc-1 thro... Attack Vector: NETWORK. Attack Complexity: LOW. ID: G1tjVi3ap%2Bem%2B%2FKQ950CZ9WykuQqNn0OLplxucIWSjE%3D |
| HIGH | CVE-2024-7254 | Maven-com.google.protobuf:protobuf-java-3.11.4 | Recommended version: 3.25.5. Description: Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups/series of SGROUP tags can corrupted by exce... Attack Vector: NETWORK. Attack Complexity: LOW. ID: uSVGBvTFpqwzHyY1ZnKeCHVvjEsMyOIY36O4uB72hTY%3D |
| MEDIUM | CVE-2021-22569 | Maven-com.google.protobuf:protobuf-java-3.11.4 | Recommended version: 3.25.5. Description: An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order... Attack Vector: LOCAL. Attack Complexity: LOW. ID: a2Kjcc1bA89iMsrM%2BNMOEfaozalgAuJvZk2eSxjoihs%3D |

Fixed Issues (19)

Great job! The following issues were fixed in this Pull Request

| Severity | Issue | Source File / Package |
|---|---|---|
| HIGH | CVE-2015-2575 | Maven-mysql:mysql-connector-java-5.1.26 |
| HIGH | CVE-2017-3523 | Maven-mysql:mysql-connector-java-5.1.26 |
| HIGH | CVE-2018-3258 | Maven-mysql:mysql-connector-java-5.1.26 |
| HIGH | Cx039cb67c-ead3 | Maven-mysql:mysql-connector-java-5.1.26 |
| HIGH | Cx6f651376-312a | Maven-mysql:mysql-connector-java-5.1.26 |
| HIGH | Cx7ef609d2-efb5 | Maven-mysql:mysql-connector-java-5.1.26 |
| MEDIUM | CVE-2012-6708 | Npm-jquery-1.6.4 |
| MEDIUM | CVE-2015-9251 | Npm-jquery-1.6.4 |
| MEDIUM | CVE-2017-3586 | Maven-mysql:mysql-connector-java-5.1.26 |
| MEDIUM | CVE-2019-11358 | Npm-jquery-1.6.4 |
| MEDIUM | CVE-2019-2692 | Maven-mysql:mysql-connector-java-5.1.26 |
| MEDIUM | CVE-2020-11023 | Npm-jquery-1.6.4 |
| MEDIUM | CVE-2020-2875 | Maven-mysql:mysql-connector-java-5.1.26 |
| MEDIUM | CVE-2020-2934 | Maven-mysql:mysql-connector-java-5.1.26 |
| MEDIUM | CVE-2020-7656 | Npm-jquery-1.6.4 |
| MEDIUM | CVE-2021-2471 | Maven-mysql:mysql-connector-java-5.1.26 |
| MEDIUM | Cxf0b588a3-5c6f | Npm-jquery-1.6.4 |
| LOW | CVE-2017-3589 | Maven-mysql:mysql-connector-java-5.1.26 |
| LOW | CVE-2020-2933 | Maven-mysql:mysql-connector-java-5.1.26 |

@Edunova8 Edunova8 closed this May 29, 2025
@Edunova8 Edunova8 deleted the snyk-fix-44ec078b98d46e2dc045919f79554a84 branch July 4, 2025 19:22