Description
MySQL Connector/J before 5.1.35 is vulnerable to SQL Injection. The function quoteIdentifier() in the file src/com/mysql/jdbc/StringUtils.java doesn't check if the identifier is correctly quoted and if quotes within are correctly escaped in the given indentifier, allowing an attacker to inject malicious queries.
HIGH Vulnerable Package issue exists @ mysql:mysql-connector-java in branch refs/heads/master
Vulnerability ID: CVE-2015-2575
Package Name: mysql:mysql-connector-java
Severity: HIGH
CVSS Score: 9.1
Publish Date: 2014-12-06T00:00:00
Current Package Version: 5.1.26
Remediation Upgrade Recommendation: 8.0.20
Link To SCA
Reference – NVD link
Description
MySQL Connector/J before 5.1.35 is vulnerable to SQL Injection. The function quoteIdentifier() in the file src/com/mysql/jdbc/StringUtils.java doesn't check if the identifier is correctly quoted and if quotes within are correctly escaped in the given indentifier, allowing an attacker to inject malicious queries.
HIGH Vulnerable Package issue exists @ mysql:mysql-connector-java in branch refs/heads/master
Vulnerability ID: CVE-2015-2575
Package Name: mysql:mysql-connector-java
Severity: HIGH
CVSS Score: 9.1
Publish Date: 2014-12-06T00:00:00
Current Package Version: 5.1.26
Remediation Upgrade Recommendation: 8.0.20
Link To SCA
Reference – NVD link