[ https://issues.apache.org/jira/browse/SPARK-39540?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dongjoon Hyun reassigned SPARK-39540: ------------------------------------- Assignee: Bjørn Jørgensen > Upgrade mysql-connector-java to 8.0.28 > -------------------------------------- > > Key: SPARK-39540 > URL: https://issues.apache.org/jira/browse/SPARK-39540 > Project: Spark > Issue Type: Bug > Components: Build > Affects Versions: 3.4.0 > Reporter: Bjørn Jørgensen > Assignee: Bjørn Jørgensen > Priority: Major > > Improper Handling of Insufficient Permissions or Privileges in MySQL > Connectors Java. > Vulnerability in the MySQL Connectors product of Oracle MySQL (component: > Connector/J). Supported versions that are affected are 8.0.27 and prior. > Difficult to exploit vulnerability allows high privileged attacker with > network access via multiple protocols to compromise MySQL Connectors. > Successful attacks of this vulnerability can result in takeover of MySQL > Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and > Availability impacts). CVSS Vector: > (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). > [CVE-2022-21363|https://nvd.nist.gov/vuln/detail/CVE-2022-21363] -- This message was sent by Atlassian Jira (v8.20.7#820007) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org