Replace dependency mysql:mysql-connector-java with com.mysql:mysql-connector-j #95
Mend for GitHub.com / Mend Security Check
failed
Feb 24, 2025 in 6m 54s
Security Report
❌ New vulnerabilities:
| CVE | Severity |  CVSS Score |
Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
CVE-2023-22102Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> ❌ mysql-connector-j-8.0.33.jar (Vulnerable Library) |
 High |
8.3 | mysql-connector-j-8.0.33.jar | Upgrade to version: com.mysql:mysql-connector-j:8.2.0 | None |
CVE-2024-7254Path to dependency file: /pom.xml Path to vulnerable library: /pom.xml Dependency Hierarchy: -> mysql-connector-j-8.0.33.jar (Root Library) -> ❌ protobuf-java-3.21.9.jar (Vulnerable Library) |
High |
7.5 | protobuf-java-3.21.9.jar | Upgrade to version: com.google.protobuf:protobuf-javalite - 3.25.5,4.28.2,4.27.5;com.google.protobuf:protobuf-java - 4.27.5,3.25.5,4.28.2 | None |
✔️ Remediated vulnerabilities:
| CVE | Vulnerable Library |
|---|---|
| CVE-2020-2875 | mysql-connector-java-5.1.24.jar |
| CVE-2015-2575 | mysql-connector-java-5.1.24.jar |
| CVE-2017-3586 | mysql-connector-java-5.1.24.jar |
| CVE-2017-3589 | mysql-connector-java-5.1.24.jar |
| CVE-2017-3523 | mysql-connector-java-5.1.24.jar |
| CVE-2023-22102 | mysql-connector-java-5.1.24.jar |
| CVE-2022-22965 | spring-beans-5.0.7.RELEASE.jar |
| CVE-2020-2934 | mysql-connector-java-5.1.24.jar |
| CVE-2022-21363 | mysql-connector-java-5.1.24.jar |
| CVE-2020-2933 | mysql-connector-java-5.1.24.jar |
| CVE-2022-22970 | spring-beans-5.0.7.RELEASE.jar |
| CVE-2019-2692 | mysql-connector-java-5.1.24.jar |
Base branch total remaining vulnerabilities: 51
Base branch commit: null
Total libraries scanned: 63
Scan token: 05ecb9e71b124a4584ce22d2a1b176ff
Loading