Access Control Bypass Affecting mysql-connector package, versions [,2.1.6)
Snyk CVSS
Attack Complexity: Low
Threat Intelligence
EPSS: 0.05% (20th percentile)
- Snyk ID SNYK-PYTHON-MYSQLCONNECTOR-451467
- published 3 Jul 2019
- disclosed 24 Apr 2017
- credit Unknown
Introduced: 24 Apr 2017
CVE-2017-3590
How to fix?
Upgrade mysql-connector to version 2.1.6 or higher.
Overview
mysql-connector is a MySQL driver written in Python which does not depend on MySQL C client libraries and implements the DB API. This project has been moved to mysql-connector-python.
Affected versions of this package are vulnerable to Access Control Bypass. It is possible for a privileged attacker with logon privileges to the infrastructure to compromise MySQL Connectors and gain update, insert or delete access to some of the data accessible to MySQL Connectors.
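One way to check a requirements file against the affected range [,2.1.6) given above. This is an added example, not code from Snyk or the mysql-connector project. The sample requirements text is constructed, and the version comparison is a simplification that reads only the numeric release part of a pin.

```python
import re

PACKAGE = "mysql-connector"   # package name this advisory covers
FIXED = (2, 1, 6)             # first fixed version per this advisory

def normalize(name):
    """PEP 503 name normalization: lowercase, runs of - _ . become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_version(text):
    """Numeric release segment as a tuple padded to three parts (suffixes ignored)."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(0).split("."))
    return parts + (0,) * (3 - len(parts))

def audit(requirements_text):
    """Return (line_no, requirement, verdict) for each mysql-connector entry."""
    findings = []
    for no, raw in enumerate(requirements_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)", line)
        if not m or normalize(m.group(1)) != PACKAGE:
            continue                          # other packages are out of scope
        pin = re.match(r"===?\s*([^\s;,]+)", m.group(2))
        version = parse_version(pin.group(1)) if pin else None
        if version is None:
            verdict = "no exact pin: check installed version"
        elif version < FIXED:
            verdict = "vulnerable: upgrade to 2.1.6 or higher"
        else:
            verdict = "ok"
        findings.append((no, line, verdict))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = """\
# constructed sample requirements file
requests==2.31.0
mysql-connector==2.1.4
MySQL_Connector == 2.1.6   # fixed release
mysql-connector-python==8.0.11
mysql-connector>=2.0
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Only the exact name mysql-connector is matched, because that is the package this entry gives a range for. A requirement without an exact pin is reported for manual review instead of being guessed at.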