Source: mysql-connector-python
Version: 8.0.15-4
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerabilities were published for mysql-connector-python.

CVE-2024-21090[0]:
| Vulnerability in the MySQL Connectors product of Oracle MySQL
| (component: Connector/Python).  Supported versions that are affected
| are 8.3.0 and prior. Easily exploitable vulnerability allows
| unauthenticated attacker with network access via multiple protocols
| to compromise MySQL Connectors.  Successful attacks of this
| vulnerability can result in unauthorized ability to cause a hang or
| frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS
| 3.1 Base Score 7.5 (Availability impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).


CVE-2024-21170[1]:
| Vulnerability in the MySQL Connectors product of Oracle MySQL
| (component: Connector/Python).  Supported versions that are affected
| are 8.4.0 and prior. Easily exploitable vulnerability allows low
| privileged attacker with network access via multiple protocols to
| compromise MySQL Connectors.  Successful attacks of this
| vulnerability can result in unauthorized update, insert or delete
| access to some of MySQL Connectors accessible data as well as
| unauthorized read access to a subset of MySQL Connectors accessible
| data and unauthorized ability to cause a partial denial of service
| (partial DOS) of MySQL Connectors. CVSS 3.1 Base Score 6.3
| (Confidentiality, Integrity and Availability impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-21090
    https://www.cve.org/CVERecord?id=CVE-2024-21090
[1] https://security-tracker.debian.org/tracker/CVE-2024-21170
    https://www.cve.org/CVERecord?id=CVE-2024-21170

Regards,
Salvatore
