[Snyk] Upgrade mysql:mysql-connector-java from 5.1.25 to 5.1.49 by nirw · Pull Request #5 · NirCheckmarx/easybuggy

nirw · 2023-03-06T22:03:29Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade mysql:mysql-connector-java from 5.1.25 to 5.1.49.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 24 versions ahead of your current version.
The recommended version was released 3 years ago, on 2020-04-20.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Improper Access Control SNYK-JAVA-MYSQL-31399	639/1000 Why? Has a fix available, CVSS 8.5	No Known Exploit
Arbitrary Code Execution SNYK-JAVA-MYSQL-31580	639/1000 Why? Has a fix available, CVSS 8.5	No Known Exploit
SQL Injection SNYK-JAVA-MYSQL-451460	639/1000 Why? Has a fix available, CVSS 8.5	Mature
Improper Access Control SNYK-JAVA-MYSQL-31449	639/1000 Why? Has a fix available, CVSS 8.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade mysql:mysql-connector-java from 5.1.25 to 5.1.49. See this package in Maven Repository: https://mvnrepository.com/artifact/mysql/mysql-connector-java/ See this project in Snyk: https://app.snyk.io/org/nirw/project/9edc657e-bf68-42eb-992e-9855b03119ff?utm_source=github&utm_medium=referral&page=upgrade-pr

nirw · 2023-03-06T22:05:47Z

Checkmarx One – Scan Summary & Details – a2f71108-c44d-4c34-b56f-30ad807b1a35

New Issues

Issue	Source File / Package	Checkmarx Insight
CVE-2022-34169	Maven-xalan:xalan-2.7.0	Vulnerable Package
CVE-2023-24998	Maven-commons-fileupload:commons-fileupload-1.3.1	Vulnerable Package
Reflected_XSS_All_Clients	/src/main/java/org/t246osslab/easybuggy/troubles/IntegerOverflowServlet.java: 24	Attack Vector
Reflected_XSS_All_Clients	/src/main/java/org/t246osslab/easybuggy/troubles/NetworkSocketLeakServlet.java: 27	Attack Vector
Reflected_XSS_All_Clients	/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XSSServlet.java: 22	Attack Vector
Reflected_XSS_All_Clients	/src/main/java/org/t246osslab/easybuggy/troubles/LossOfTrailingDigitsServlet.java: 22	Attack Vector
Reflected_XSS_All_Clients	/src/main/java/org/t246osslab/easybuggy/troubles/RoundOffErrorServlet.java: 22	Attack Vector
Reflected_XSS_All_Clients	/src/main/java/org/t246osslab/easybuggy/troubles/TruncationErrorServlet.java: 21	Attack Vector
Reflected_XSS_All_Clients	/src/main/java/org/t246osslab/easybuggy/performance/CreatingUnnecessaryObjectsServlet.java: 21	Attack Vector
Reflected_XSS_All_Clients	/src/main/java/org/t246osslab/easybuggy/core/servlets/DefaultLoginServlet.java: 86	Attack Vector
Reflected_XSS_All_Clients	/src/main/java/org/t246osslab/easybuggy/vulnerabilities/VerboseErrorMessageServlet.java: 35	Attack Vector
Reflected_XSS_All_Clients	/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OpenRedirectServlet.java: 27	Attack Vector
Reflected_XSS_All_Clients	/src/main/java/org/t246osslab/easybuggy/vulnerabilities/BruteForceServlet.java: 27	Attack Vector
Reflected_XSS_All_Clients	/src/main/webapp/dfi/includable.jsp: 28	Attack Vector
Reflected_XSS_All_Clients	/src/main/webapp/uid/serverinfo.jsp: 25	Attack Vector
Reflected_XSS_All_Clients	/src/main/webapp/uid/clientinfo.jsp: 24	Attack Vector
Reflected_XSS_All_Clients	/src/main/webapp/dt/includable.jsp: 24	Attack Vector
Reflected_XSS_All_Clients	/src/main/webapp/dfi/includable.jsp: 12	Attack Vector
Reflected_XSS_All_Clients	/src/main/webapp/dt/includable.jsp: 12	Attack Vector
Reflected_XSS_All_Clients	/src/main/webapp/uid/serverinfo.jsp: 12	Attack Vector
Reflected_XSS_All_Clients	/src/main/webapp/uid/clientinfo.jsp: 12	Attack Vector
Stored_XSS	/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java: 69	Attack Vector
Stored_XSS	/src/main/java/org/t246osslab/easybuggy/troubles/DBConnectionLeakServlet.java: 68	Attack Vector
Stored_XSS	/src/main/java/org/t246osslab/easybuggy/troubles/EndlessWaitingServlet.java: 128	Attack Vector
Stored_XSS	/src/main/java/org/t246osslab/easybuggy/troubles/EndlessWaitingServlet.java: 56	Attack Vector
Stored_XSS	/src/main/java/org/t246osslab/easybuggy/troubles/FileDescriptorLeakServlet.java: 53	Attack Vector
CVE-2012-6153	Maven-commons-httpclient:commons-httpclient-3.1	Vulnerable Package
CVE-2018-1313	Maven-org.apache.derby:derby-10.8.3.0	Vulnerable Package
Cleartext_Submission_of_Sensitive_Information	/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java: 73	Attack Vector
Cleartext_Submission_of_Sensitive_Information	/src/main/java/org/t246osslab/easybuggy/troubles/DBConnectionLeakServlet.java: 72	Attack Vector
Heap_Inspection	/src/main/java/org/t246osslab/easybuggy/core/utils/ApplicationUtils.java: 44	Attack Vector

Fixed Issues

Issue	Source File / Package	Checkmarx Insight
CVE-2015-2575	Maven-mysql:mysql-connector-java-5.1.25	Vulnerable Package
CVE-2017-3523	Maven-mysql:mysql-connector-java-5.1.25	Vulnerable Package
CVE-2018-3258	Maven-mysql:mysql-connector-java-5.1.25	Vulnerable Package
Cx039cb67c-ead3	Maven-mysql:mysql-connector-java-5.1.25	Vulnerable Package
Cx6f651376-312a	Maven-mysql:mysql-connector-java-5.1.25	Vulnerable Package
Cx7ef609d2-efb5	Maven-mysql:mysql-connector-java-5.1.25	Vulnerable Package
Reflected_XSS_All_Clients	/src/main/java/org/t246osslab/easybuggy/core/filters/AuthenticationFilter.java: 39	Attack Vector
Reflected_XSS_All_Clients	/src/main/java/org/t246osslab/easybuggy/core/filters/AuthenticationFilter.java: 39	Attack Vector
Reflected_XSS_All_Clients	/src/main/java/org/t246osslab/easybuggy/core/servlets/DefaultLoginServlet.java: 86	Attack Vector
Reflected_XSS_All_Clients	/src/main/java/org/t246osslab/easybuggy/vulnerabilities/VerboseErrorMessageServlet.java: 35	Attack Vector
Reflected_XSS_All_Clients	/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OpenRedirectServlet.java: 27	Attack Vector
Reflected_XSS_All_Clients	/src/main/java/org/t246osslab/easybuggy/vulnerabilities/BruteForceServlet.java: 27	Attack Vector
CVE-2017-3586	Maven-mysql:mysql-connector-java-5.1.25	Vulnerable Package
CVE-2020-2875	Maven-mysql:mysql-connector-java-5.1.25	Vulnerable Package
CVE-2020-2934	Maven-mysql:mysql-connector-java-5.1.25	Vulnerable Package
CVE-2017-3589	Maven-mysql:mysql-connector-java-5.1.25	Vulnerable Package
CVE-2020-2933	Maven-mysql:mysql-connector-java-5.1.25	Vulnerable Package

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade mysql:mysql-connector-java from 5.1.25 to 5.1.49#5

[Snyk] Upgrade mysql:mysql-connector-java from 5.1.25 to 5.1.49#5
nirw wants to merge 1 commit into
masterfrom
snyk-upgrade-e2918d6a9a2725cd7f172ea46541eaa7

nirw commented Mar 6, 2023

Uh oh!

nirw commented Mar 6, 2023 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

nirw commented Mar 6, 2023

Snyk has created this PR to upgrade mysql:mysql-connector-java from 5.1.25 to 5.1.49.

Uh oh!

nirw commented Mar 6, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

New Issues

Fixed Issues

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

nirw commented Mar 6, 2023 •

edited

Loading