[
https://issues.apache.org/jira/browse/SPARK-39540?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dongjoon Hyun updated SPARK-39540:
----------------------------------
Summary: Upgrade mysql-connector-java to 8.0.29 (was: Upgrade
mysql-connector-java to 8.0.28)
> Upgrade mysql-connector-java to 8.0.29
> --------------------------------------
>
> Key: SPARK-39540
> URL: https://issues.apache.org/jira/browse/SPARK-39540
> Project: Spark
> Issue Type: Bug
> Components: Build
> Affects Versions: 3.4.0
> Reporter: Bjørn Jørgensen
> Assignee: Bjørn Jørgensen
> Priority: Major
> Fix For: 3.4.0
>
>
> Improper Handling of Insufficient Permissions or Privileges in MySQL
> Connectors Java.
> Vulnerability in the MySQL Connectors product of Oracle MySQL (component:
> Connector/J). Supported versions that are affected are 8.0.27 and prior.
> Difficult to exploit vulnerability allows high privileged attacker with
> network access via multiple protocols to compromise MySQL Connectors.
> Successful attacks of this vulnerability can result in takeover of MySQL
> Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and
> Availability impacts). CVSS Vector:
> (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
> [CVE-2022-21363|https://nvd.nist.gov/vuln/detail/CVE-2022-21363]
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
