Package: mysql-connector-java X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security
Hi, The following vulnerability was published for mysql-connector-java. CVE-2018-3258[0]: | Vulnerability in the MySQL Connectors component of Oracle MySQL | (subcomponent: Connector/J). Supported versions that are affected are | 8.0.12 and prior. Easily exploitable vulnerability allows low | privileged attacker with network access via multiple protocols to | compromise MySQL Connectors. Successful attacks of this vulnerability | can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8 | (Confidentiality, Integrity and Availability impacts). CVSS Vector: | (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-3258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3258 Please adjust the affected versions in the BTS as needed. Regards, Markus
signature.asc
Description: OpenPGP digital signature