Hi, I stumbled upon a vulnerability introduced by package mysql-connector-java-8.0.15.jar:
Issue Description
When I build the project, I notice that package mysql-connector-java-8.0.15 with some vulnerabilities (CVE-2022-21363, CVE-2021-2471, CVE-2019-2692) is packaged in the server module (/server/src/main/webapp/WEB-INF/lib/mysql-connector-java-8.0.15.jar). I know that this project loads mysql-connector-java in TestDataSource.connectdb() by reflection at run time.
Why is the project referencing this third-party library in a dynamically loaded manner instead of using maven for dependency management?
Is it possible to update mysql-connector-java to remove these vulnerabilities?
Suggested Solution
Maybe you can try to upgrade mysql-connector-java to 8.0.28 or higher.
Note:
mysql-connector-java@8.0.28(>=8.0.28) has fixed all vulnerabilities.
Of course, you are welcome to share other ways to resolve the issue.
Thank you for your attention to this issue and welcome to share other ways to resolve the issue.
Best regards,
^_^
Hi, I stumbled upon a vulnerability introduced by package mysql-connector-java-8.0.15.jar:
Issue Description
When I build the project, I notice that package mysql-connector-java-8.0.15 with some vulnerabilities (CVE-2022-21363, CVE-2021-2471, CVE-2019-2692) is packaged in the server module (/server/src/main/webapp/WEB-INF/lib/mysql-connector-java-8.0.15.jar). I know that this project loads mysql-connector-java in TestDataSource.connectdb() by reflection at run time.
Why is the project referencing this third-party library in a dynamically loaded manner instead of using maven for dependency management?
Is it possible to update mysql-connector-java to remove these vulnerabilities?
Suggested Solution
Maybe you can try to upgrade mysql-connector-java to 8.0.28 or higher.
Note:
mysql-connector-java@8.0.28(>=8.0.28) has fixed all vulnerabilities.
Of course, you are welcome to share other ways to resolve the issue.
Thank you for your attention to this issue and welcome to share other ways to resolve the issue.
Best regards,
^_^