Update dependency mysql:mysql-connector-java to v8 #219
Security Report
You have successfully remediated 9 vulnerabilities, but introduced 7 new vulnerabilities in this branch.
❌ New vulnerabilities:
| Vulnerability | Severity | Vulnerable Library | Suggested Fix | Issue | Reachability |
|---|---|---|---|---|---|
| CVE-2022-3510; Path to dependency file: /pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/com/google/protobuf/protobuf-java/3.6.1/protobuf-java-3.6.1.jar; Dependency Hierarchy: mysql-connector-java-8.0.16.jar (Root Library) -> ❌ protobuf-java-3.6.1.jar (Vulnerable Library) | 7.5 | protobuf-java-3.6.1.jar | Upgrade to version: com.google.protobuf:protobuf-javalite:3.19.6 | None | |
| CVE-2022-3509; Path to dependency file: /pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/com/google/protobuf/protobuf-java/3.6.1/protobuf-java-3.6.1.jar; Dependency Hierarchy: mysql-connector-java-8.0.16.jar (Root Library) -> ❌ protobuf-java-3.6.1.jar (Vulnerable Library) | 7.5 | protobuf-java-3.6.1.jar | Upgrade to version: com.google.protobuf:protobuf-javalite:3.21.7 | None | |
| CVE-2021-22569; Path to dependency file: /pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/com/google/protobuf/protobuf-java/3.6.1/protobuf-java-3.6.1.jar; Dependency Hierarchy: mysql-connector-java-8.0.16.jar (Root Library) -> ❌ protobuf-java-3.6.1.jar (Vulnerable Library) | 7.5 | protobuf-java-3.6.1.jar | Upgrade to version: com.google.protobuf:protobuf-java:3.19.2 | None | |
| CVE-2021-22570; Path to dependency file: /pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/com/google/protobuf/protobuf-java/3.6.1/protobuf-java-3.6.1.jar; Dependency Hierarchy: mysql-connector-java-8.0.16.jar (Root Library) -> ❌ protobuf-java-3.6.1.jar (Vulnerable Library) | 6.5 | protobuf-java-3.6.1.jar | Upgrade to version: com.google.protobuf:protobuf-java:3.15.0 | None | |
| CVE-2022-3171; Path to dependency file: /pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/com/google/protobuf/protobuf-java/3.6.1/protobuf-java-3.6.1.jar; Dependency Hierarchy: mysql-connector-java-8.0.16.jar (Root Library) -> ❌ protobuf-java-3.6.1.jar (Vulnerable Library) | 4.3 | protobuf-java-3.6.1.jar | Upgrade to version: com.google.protobuf:protobuf-javalite:3.21.7 | None | |
| CVE-2021-2471; Path to dependency file: /pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/mysql/mysql-connector-java/8.0.16/mysql-connector-java-8.0.16.jar; Dependency Hierarchy: ❌ mysql-connector-java-8.0.16.jar (Vulnerable Library) | 5.9 | mysql-connector-java-8.0.16.jar | Upgrade to version: mysql:mysql-connector-java:8.0.27 | None | |
| CVE-2020-2934; Path to dependency file: /pom.xml; Path to vulnerable library: /home/wss-scanner/.m2/repository/mysql/mysql-connector-java/8.0.16/mysql-connector-java-8.0.16.jar; Dependency Hierarchy: ❌ mysql-connector-java-8.0.16.jar (Vulnerable Library) | 5.0 | mysql-connector-java-8.0.16.jar | Upgrade to version: mysql:mysql-connector-java:5.1.49,8.0.20 | #131 | |
✔️ Remediated vulnerabilities:
| Vulnerability | Vulnerable Library |
|---|---|
| CVE-2019-2692 | mysql-connector-java-5.1.35.jar |
| CVE-2018-3258 | mysql-connector-java-5.1.35.jar |
| CVE-2020-2933 | mysql-connector-java-5.1.35.jar |
| CVE-2020-2934 | mysql-connector-java-5.1.35.jar |
| CVE-2017-3523 | mysql-connector-java-5.1.35.jar |
| CVE-2020-2875 | mysql-connector-java-5.1.35.jar |
| GHSA-wrr7-33fx-rcvj | jackson-databind-2.8.4.jar |
| CVE-2017-3589 | mysql-connector-java-5.1.35.jar |
| CVE-2017-3586 | mysql-connector-java-5.1.35.jar |
Base branch total remaining vulnerabilities: 207
Base branch commit: 498f371cf2745f3522d79e209a3a246e98a98f3d
Total libraries scanned: 109
Scan token: 087ed1c9b5d44cf4a5b66e6317fc959b