CVE-2024-21272 – mysql-connector-python

Package

Manager: pip
Name: mysql-connector-python
Vulnerable Version: >=0 <9.1.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00353 pctl0.56943

Details

MySQL Connector/Python connector takeover vulnerability Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 9.0.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).

Metadata

Created: 2024-10-15T21:30:39Z
Modified: 2024-10-24T16:45:37Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-hgjp-83m4-h4fj/GHSA-hgjp-83m4-h4fj.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-hgjp-83m4-h4fj
Finding: F297
Auto approve: 1