Lucene search

Veracode Vulnerability DatabaseVERACODE:4201

HistoryMay 05, 2017 - 6:47 a.m.

Database Overwrite

2017-05-0506:47:21

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

20.2%

JSON

mysql-connector-java is vulnerable to database overwrite. The library does not clear the cache of preparedstatements after there has been a catalog change, allowing a malicious user to use cached prepared SQL statements against a new catalog.

CPENameOperatorVersion
mysql-connector-javale5.1.41

CPE	Name	Operator	Version
	mysql-connector-java	le	5.1.41

References

www.debian.org/security/2017/dsa-3857

www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

www.securityfocus.com/bid/97836

www.securitytracker.com/id/1038287

bugs.mysql.com/bug.php?id=66430

bugzilla.novell.com/show_bug.cgi?id=1035210

github.com/mysql/mysql-connector-j/blob/5.1.42/CHANGES

github.com/mysql/mysql-connector-j/commit/44631dd316e3da818fb593f02dbbe30308a937e0

0.001 Low

EPSS

Percentile

20.2%

JSON

Related for VERACODE:4201