PT-2023-9630 · Mysql Server · Mysql Connectors

Publicado

2023-12-07

Atualizado

2024-10-17

CVE-2024-21170

CVSS v2.0

6.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions MySQL Connectors versions 8.4.0 and prior

Description The issue is related to insufficient input validation in the Connector/Python component of the MySQL Connectors product. This can allow a remote attacker with low privileges and network access via multiple protocols to compromise MySQL Connectors, resulting in unauthorized access to data, including read, update, insert, and delete operations, as well as the ability to cause a partial denial of service.

Recommendations For versions 8.4.0 and prior, update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Improper Resource Release

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-404

Identificadores relacionados

BDU:2024-08910

CVE-2024-21170

Produtos afetados

Mysql Connectors

PT-2023-9630 · Mysql Server · Mysql Connectors

CVE-2024-21170

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10