Update dependency mysql:mysql-connector-java to v5.1.21 #495
Security Report
You have successfully remediated 15 vulnerabilities, but introduced 11 new vulnerabilities in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2017-3523 Path to dependency file: /jobs/pacman-cloud-discovery/pom.xml Path to vulnerable library: /jobs/pacman-cloud-discovery/pom.xml,/jobs/pacman-cloud-notifications/pom.xml,/jobs/recommendation-enricher/pom.xml,/jobs/pacman-data-shipper/pom.xml,/jobs/pacman-qualys-enricher/pom.xml Dependency Hierarchy: -> ❌ mysql-connector-java-5.1.21.jar (Vulnerable Library) | High | 8.5 | mysql-connector-java-5.1.21.jar | Upgrade to version: mysql:mysql-connector-java:5.1.41 | #6 |
CVE-2023-22102 Path to dependency file: /jobs/pacman-cloud-discovery/pom.xml Path to vulnerable library: /jobs/pacman-cloud-discovery/pom.xml,/jobs/pacman-cloud-notifications/pom.xml,/jobs/recommendation-enricher/pom.xml,/jobs/pacman-data-shipper/pom.xml,/jobs/pacman-qualys-enricher/pom.xml Dependency Hierarchy: -> ❌ mysql-connector-java-5.1.21.jar (Vulnerable Library) | High | 8.3 | mysql-connector-java-5.1.21.jar | Upgrade to version: com.mysql:mysql-connector-j:8.2.0 | #472 |
CVE-2022-21363 Path to dependency file: /jobs/pacman-cloud-discovery/pom.xml Path to vulnerable library: /jobs/pacman-cloud-discovery/pom.xml,/jobs/pacman-cloud-notifications/pom.xml,/jobs/recommendation-enricher/pom.xml,/jobs/pacman-data-shipper/pom.xml,/jobs/pacman-qualys-enricher/pom.xml Dependency Hierarchy: -> ❌ mysql-connector-java-5.1.21.jar (Vulnerable Library) | Medium | 6.6 | mysql-connector-java-5.1.21.jar | Upgrade to version: mysql:mysql-connector-java:8.0.28 | #333 |
CVE-2024-6484 Path to dependency file: /api/pacman-api-auth/pom.xml Path to vulnerable library: /api/pacman-api-auth/pom.xml Dependency Hierarchy: -> ❌ bootstrap-3.3.2.jar (Vulnerable Library) | Medium | 6.4 | bootstrap-3.3.2.jar | Upgrade to version: org.webjars.npm:bootstrap - 4.0.0-alpha.2;bootstrap.sass - 4.0.0-alpha;twbs/bootstrap - dev-dependabot/npm_and_yarn/rtlcss-3.1.1,dev-dependabot/npm_and_yarn/nodemon-3.1.3,dev-XhmikosR-patch-3,dev-dependabot/npm_and_yarn/rtlcss-3.4.0,dev-dependabot/npm_and_yarn/find-unused-sass-variables-3.1.0,dev-dependabot/npm_and_yarn/linkinator-2.4.0,dev-dependabot/npm_and_yarn/rollup-3.5.0,dev-dependabot/npm_and_yarn/nodemon-3.0.1,dev-dependabot/npm_and_yarn/rollup-3.2.5,dev-dependabot/npm_and_yarn/nodemon-3.0.2,dev-dependabot/npm_and_yarn/nodemon-3.0.3;bootstrap - 4.0.0;bootstrap - 3.3.6-jQuery3,4.0.0-alpha;org.webjars:bootstrap - 4.0.0-alpha | None |
CVE-2017-3586 Path to dependency file: /jobs/pacman-cloud-discovery/pom.xml Path to vulnerable library: /jobs/pacman-cloud-discovery/pom.xml,/jobs/pacman-cloud-notifications/pom.xml,/jobs/recommendation-enricher/pom.xml,/jobs/pacman-data-shipper/pom.xml,/jobs/pacman-qualys-enricher/pom.xml Dependency Hierarchy: -> ❌ mysql-connector-java-5.1.21.jar (Vulnerable Library) | Medium | 6.4 | mysql-connector-java-5.1.21.jar | Upgrade to version: 5.1.42 | #142 |
CVE-2019-2692 Path to dependency file: /jobs/pacman-cloud-discovery/pom.xml Path to vulnerable library: /jobs/pacman-cloud-discovery/pom.xml,/jobs/pacman-cloud-notifications/pom.xml,/jobs/recommendation-enricher/pom.xml,/jobs/pacman-data-shipper/pom.xml,/jobs/pacman-qualys-enricher/pom.xml Dependency Hierarchy: -> ❌ mysql-connector-java-5.1.21.jar (Vulnerable Library) | Medium | 6.3 | mysql-connector-java-5.1.21.jar | Upgrade to version: mysql:mysql-connector-java:8.0.16 | #7 |
CVE-2020-2934 Path to dependency file: /jobs/pacman-cloud-discovery/pom.xml Path to vulnerable library: /jobs/pacman-cloud-discovery/pom.xml,/jobs/pacman-cloud-notifications/pom.xml,/jobs/recommendation-enricher/pom.xml,/jobs/pacman-data-shipper/pom.xml,/jobs/pacman-qualys-enricher/pom.xml Dependency Hierarchy: -> ❌ mysql-connector-java-5.1.21.jar (Vulnerable Library) | Medium | 5.0 | mysql-connector-java-5.1.21.jar | Upgrade to version: mysql:mysql-connector-java:5.1.49,8.0.20 | #121 |
CVE-2020-2875 Path to dependency file: /jobs/pacman-cloud-discovery/pom.xml Path to vulnerable library: /jobs/pacman-cloud-discovery/pom.xml,/jobs/pacman-cloud-notifications/pom.xml,/jobs/recommendation-enricher/pom.xml,/jobs/pacman-data-shipper/pom.xml,/jobs/pacman-qualys-enricher/pom.xml Dependency Hierarchy: -> ❌ mysql-connector-java-5.1.21.jar (Vulnerable Library) | Medium | 4.7 | mysql-connector-java-5.1.21.jar | Upgrade to version: mysql:mysql-connector-java:5.1.49,8.0.15 | #89 |
CVE-2015-2575 Path to dependency file: /jobs/pacman-cloud-discovery/pom.xml Path to vulnerable library: /jobs/pacman-cloud-discovery/pom.xml,/jobs/pacman-cloud-notifications/pom.xml,/jobs/recommendation-enricher/pom.xml,/jobs/pacman-data-shipper/pom.xml,/jobs/pacman-qualys-enricher/pom.xml Dependency Hierarchy: -> ❌ mysql-connector-java-5.1.21.jar (Vulnerable Library) | Medium | 4.2 | mysql-connector-java-5.1.21.jar | Upgrade to version: mysql:mysql-connector-java:5.1.35 | #337 |
CVE-2017-3589 Path to dependency file: /jobs/pacman-cloud-discovery/pom.xml Path to vulnerable library: /jobs/pacman-cloud-discovery/pom.xml,/jobs/pacman-cloud-notifications/pom.xml,/jobs/recommendation-enricher/pom.xml,/jobs/pacman-data-shipper/pom.xml,/jobs/pacman-qualys-enricher/pom.xml Dependency Hierarchy: -> ❌ mysql-connector-java-5.1.21.jar (Vulnerable Library) | Low | 3.3 | mysql-connector-java-5.1.21.jar | Upgrade to version: 5.1.42 | #135 |
CVE-2020-2933 Path to dependency file: /jobs/pacman-cloud-discovery/pom.xml Path to vulnerable library: /jobs/pacman-cloud-discovery/pom.xml,/jobs/pacman-cloud-notifications/pom.xml,/jobs/recommendation-enricher/pom.xml,/jobs/pacman-data-shipper/pom.xml,/jobs/pacman-qualys-enricher/pom.xml Dependency Hierarchy: -> ❌ mysql-connector-java-5.1.21.jar (Vulnerable Library) | Low | 2.2 | mysql-connector-java-5.1.21.jar | Upgrade to version: mysql:mysql-connector-java:5.1.49 | #117 |
✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
CVE-2024-38819 | spring-webmvc-5.0.8.RELEASE.jar |
CVE-2020-2934 | mysql-connector-java-5.1.17.jar |
CVE-2019-2692 | mysql-connector-java-5.1.17.jar |
CVE-2017-3586 | mysql-connector-java-5.1.17.jar |
CVE-2017-3523 | mysql-connector-java-5.1.17.jar |
CVE-2023-22102 | mysql-connector-java-5.1.17.jar |
CVE-2012-6153 | commons-httpclient-3.1.jar |
CVE-2020-2875 | mysql-connector-java-5.1.17.jar |
CVE-2020-2933 | mysql-connector-java-5.1.17.jar |
CVE-2024-38820 | spring-context-5.0.8.RELEASE.jar |
CVE-2015-2575 | mysql-connector-java-5.1.17.jar |
CVE-2022-21363 | mysql-connector-java-5.1.17.jar |
CVE-2024-35195 | requests-2.31.0-py3-none-any.whl |
CVE-2017-3589 | mysql-connector-java-5.1.17.jar |
CVE-2024-38821 | spring-security-web-5.0.7.RELEASE.jar |
Base branch total remaining vulnerabilities: 479
Base branch commit: acf9a0620c1a37cee4f2896d71e1c3731c5c7b06
Total libraries scanned: 377
Scan token: e46817426865472e99774e8ec2f8ab8d