Source: mysql-connector-python Version: 8.0.11-1 Severity: grave Tags: security upstream Control: found -1 2.1.6-1
Hi, The following vulnerability was published for mysql-connector-python. CVE-2019-2435[0]: | Vulnerability in the MySQL Connectors component of Oracle MySQL | (subcomponent: Connector/Python). Supported versions that are affected | are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable | vulnerability allows unauthenticated attacker with network access via | TLS to compromise MySQL Connectors. Successful attacks require human | interaction from a person other than the attacker. Successful attacks | of this vulnerability can result in unauthorized creation, deletion or | modification access to critical data or all MySQL Connectors | accessible data as well as unauthorized access to critical data or | complete access to all MySQL Connectors accessible data. CVSS 3.0 Base | Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: | (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N). If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-2435 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2435 [1] http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#CVE-2019-2435 Please adjust the affected versions in the BTS as needed. Regards, Salvatore