[Snyk] Upgrade mysql:mysql-connector-java from 5.1.26 to 5.1.49 #7

Dobridp · 2025-03-27T16:12:20Z

Snyk has created this PR to upgrade mysql:mysql-connector-java from 5.1.26 to 5.1.49.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 23 versions ahead of your current version.
The recommended version was released 5 years ago.

Issues fixed by the recommended upgrade:

Issue	Score	Exploit Maturity
Improper Access Control SNYK-JAVA-MYSQL-31399	639	No Known Exploit
Arbitrary Code Execution SNYK-JAVA-MYSQL-31580	639	No Known Exploit
SQL Injection SNYK-JAVA-MYSQL-451460	639	Mature
Improper Access Control SNYK-JAVA-MYSQL-31449	639	No Known Exploit

Important

Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.
Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade mysql:mysql-connector-java from 5.1.26 to 5.1.49. See this package in maven: mysql:mysql-connector-java See this project in Snyk: https://app.us.snyk.io/org/nova8-techsales-team/project/d209c361-daeb-47df-82df-32e139c70421?utm_source=github&utm_medium=referral&page=upgrade-pr

msant262 · 2025-03-27T16:14:38Z

Checkmarx One – Scan Summary & Details – 780f1b57-f711-41e3-80de-de88fed18811

New Issues (139)

Checkmarx found the following issues in this Pull Request

Issue	Source File / Package	Checkmarx Insight
SQL_Injection	/src/main/webapp/vulnerability/DisplayMessage.jsp: 16	details The application's method executes an SQL query with executeQuery, at line 16 of /src/main/webapp/vulnerability/DisplayMessage.jsp. The application... Attack Vector
SQL_Injection	/src/main/webapp/ForgotPassword.jsp: 42	details The application's method executes an SQL query with executeQuery, at line 42 of /src/main/webapp/ForgotPassword.jsp. The application constructs th... Attack Vector
SQL_Injection	/src/main/webapp/ForgotPassword.jsp: 42	details The application's method executes an SQL query with executeQuery, at line 42 of /src/main/webapp/ForgotPassword.jsp. The application constructs th... Attack Vector
SQL_Injection	/src/main/webapp/vulnerability/forumposts.jsp: 9	details The application's method executes an SQL query with executeQuery, at line 14 of /src/main/webapp/vulnerability/forumposts.jsp. The application con... Attack Vector
SQL_Injection	/src/main/webapp/admin/adminlogin.jsp: 11	details The application's method executes an SQL query with executeQuery, at line 19 of /src/main/webapp/admin/adminlogin.jsp. The application constructs ... Attack Vector
SQL_Injection	/src/main/webapp/admin/manageusers.jsp: 13	details The application's method executes an SQL query with executeUpdate, at line 14 of /src/main/webapp/admin/manageusers.jsp. The application construct... Attack Vector
SQL_Injection	/src/main/webapp/vulnerability/idor/change-email.jsp: 28	details The application's method executes an SQL query with executeUpdate, at line 32 of /src/main/webapp/vulnerability/idor/change-email.jsp. The applica... Attack Vector
SQL_Injection	/src/main/webapp/vulnerability/forum.jsp: 41	details The application's method executes an SQL query with executeUpdate, at line 48 of /src/main/webapp/vulnerability/forum.jsp. The application constru... Attack Vector
SQL_Injection	/src/main/webapp/vulnerability/forum.jsp: 42	details The application's method executes an SQL query with executeUpdate, at line 48 of /src/main/webapp/vulnerability/forum.jsp. The application constru... Attack Vector
SQL_Injection	/src/main/webapp/vulnerability/forum.jsp: 43	details The application's method executes an SQL query with executeUpdate, at line 48 of /src/main/webapp/vulnerability/forum.jsp. The application constru... Attack Vector
SQL_Injection	/src/main/webapp/vulnerability/UserDetails.jsp: 8	details The application's method executes an SQL query with executeQuery, at line 13 of /src/main/webapp/vulnerability/UserDetails.jsp. The application co... Attack Vector
SQL_Injection	/src/main/webapp/myprofile.jsp: 16	details The application's method executes an SQL query with executeQuery, at line 21 of /src/main/webapp/myprofile.jsp. The application constructs this SQ... Attack Vector
SQL_Injection	/src/main/webapp/myprofile.jsp: 16	details The application's method executes an SQL query with executeQuery, at line 29 of /src/main/webapp/myprofile.jsp. The application constructs this SQ... Attack Vector
SQL_Injection	/src/main/webapp/vulnerability/sqli/download_id.jsp: 18	details The application's method executes an SQL query with executeQuery, at line 24 of /src/main/webapp/vulnerability/sqli/download_id.jsp. The applicati... Attack Vector
SQL_Injection	/src/main/webapp/vulnerability/sqli/download_id_union.jsp: 18	details The application's method executes an SQL query with executeQuery, at line 24 of /src/main/webapp/vulnerability/sqli/download_id_union.jsp. The app... Attack Vector
SQL_Injection	/src/main/webapp/vulnerability/csrf/change-info.jsp: 26	details The application's method executes an SQL query with executeUpdate, at line 31 of /src/main/webapp/vulnerability/csrf/change-info.jsp. The applicat... Attack Vector
SQL_Injection	/src/main/webapp/vulnerability/idor/change-email.jsp: 27	details The application's method executes an SQL query with executeUpdate, at line 32 of /src/main/webapp/vulnerability/idor/change-email.jsp. The applica... Attack Vector
SQL_Injection	/src/main/webapp/changeCardDetails.jsp: 37	details The application's method executes an SQL query with executeUpdate, at line 43 of /src/main/webapp/changeCardDetails.jsp. The application construct... Attack Vector
SQL_Injection	/src/main/webapp/changeCardDetails.jsp: 38	details The application's method executes an SQL query with executeUpdate, at line 43 of /src/main/webapp/changeCardDetails.jsp. The application construct... Attack Vector
SQL_Injection	/src/main/webapp/changeCardDetails.jsp: 39	details The application's method executes an SQL query with executeUpdate, at line 43 of /src/main/webapp/changeCardDetails.jsp. The application construct... Attack Vector
SQL_Injection	/src/main/webapp/vulnerability/csrf/changepassword.jsp: 33	details The application's method executes an SQL query with executeUpdate, at line 40 of /src/main/webapp/vulnerability/csrf/changepassword.jsp. The appli... Attack Vector
SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java: 35	details The application's method executes an SQL query with executeQuery, at line 14 of /src/main/webapp/vulnerability/Messages.jsp. The application const... Attack Vector
SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java: 36	details The application's method executes an SQL query with executeQuery, at line 14 of /src/main/webapp/vulnerability/Messages.jsp. The application const... Attack Vector
Second_Order_SQL_Injection	/src/main/webapp/admin/adminlogin.jsp: 19	details The application's method executes an SQL query with BinaryExpr, at line 40 of /src/main/webapp/vulnerability/csrf/changepassword.jsp. The applicat... Attack Vector
Second_Order_SQL_Injection	/src/main/webapp/admin/adminlogin.jsp: 19	details The application's method executes an SQL query with BinaryExpr, at line 31 of /src/main/webapp/vulnerability/csrf/change-info.jsp. The application... Attack Vector
Second_Order_SQL_Injection	/src/main/webapp/admin/adminlogin.jsp: 19	details The application's method executes an SQL query with BinaryExpr, at line 43 of /src/main/webapp/changeCardDetails.jsp. The application constructs t... Attack Vector
Second_Order_SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 52	details The application's method executes an SQL query with BinaryExpr, at line 14 of /src/main/webapp/vulnerability/Messages.jsp. The application constru... Attack Vector
Second_Order_SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 52	details The application's method executes an SQL query with BinaryExpr, at line 40 of /src/main/webapp/vulnerability/csrf/changepassword.jsp. The applicat... Attack Vector
Second_Order_SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 52	details The application's method executes an SQL query with BinaryExpr, at line 31 of /src/main/webapp/vulnerability/csrf/change-info.jsp. The application... Attack Vector
Second_Order_SQL_Injection	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 52	details The application's method executes an SQL query with BinaryExpr, at line 43 of /src/main/webapp/changeCardDetails.jsp. The application constructs t... Attack Vector
Stored_XSS	/src/main/webapp/vulnerability/forumUsersList.jsp: 12	details The method embeds untrusted data in generated output with print, at line 18 of /src/main/webapp/vulnerability/forumUsersList.jsp. This untrusted d... Attack Vector
Stored_XSS	/src/main/webapp/vulnerability/forumposts.jsp: 14	details The method embeds untrusted data in generated output with print, at line 17 of /src/main/webapp/vulnerability/forumposts.jsp. This untrusted data ... Attack Vector
Stored_XSS	/src/main/webapp/vulnerability/forumposts.jsp: 14	details The method embeds untrusted data in generated output with print, at line 18 of /src/main/webapp/vulnerability/forumposts.jsp. This untrusted data ... Attack Vector
Stored_XSS	/src/main/webapp/vulnerability/forumposts.jsp: 14	details The method embeds untrusted data in generated output with print, at line 19 of /src/main/webapp/vulnerability/forumposts.jsp. This untrusted data ... Attack Vector
Stored_XSS	/src/main/webapp/vulnerability/Messages.jsp: 14	details The method embeds untrusted data in generated output with print, at line 19 of /src/main/webapp/vulnerability/Messages.jsp. This untrusted data is... Attack Vector
Stored_XSS	/src/main/webapp/vulnerability/DisplayMessage.jsp: 16	details The method embeds untrusted data in generated output with print, at line 19 of /src/main/webapp/vulnerability/DisplayMessage.jsp. This untrusted d... Attack Vector

More results are available on the CxOne platform

Fixed Issues (29)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	~~CVE-2015-2575~~	Maven-mysql:mysql-connector-java-5.1.26
	~~CVE-2017-3523~~	Maven-mysql:mysql-connector-java-5.1.26
	~~CVE-2018-3258~~	Maven-mysql:mysql-connector-java-5.1.26
	~~Cx039cb67c-ead3~~	Maven-mysql:mysql-connector-java-5.1.26
	~~Cx6f651376-312a~~	Maven-mysql:mysql-connector-java-5.1.26
	~~Cx7ef609d2-efb5~~	Maven-mysql:mysql-connector-java-5.1.26
	~~Reflected_XSS~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/poc/poc2/analitc.js: 25
	~~Reflected_XSS~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/poc/xss.js: 25
	~~Reflected_XSS~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/policy.js: 25
	~~Reflected_XSS~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/test2.js: 25
	~~Reflected_XSS~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/poc/poc2/xss.js: 25
	~~Reflected_XSS~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/PocXSS.js: 25
	~~Reflected_XSS~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/policy2.js: 25
	~~Reflected_XSS~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/poc/poc2/xss.js: 9
	~~Reflected_XSS~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/PocXSS.js: 9
	~~Reflected_XSS~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/policy2.js: 9
	~~Reflected_XSS~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/poc/poc2/analitc.js: 9
	~~Reflected_XSS~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/poc/xss.js: 9
	~~Reflected_XSS~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/policy.js: 9
	~~Reflected_XSS~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/test2.js: 9
	~~CVE-2017-3586~~	Maven-mysql:mysql-connector-java-5.1.26
	~~CVE-2020-2875~~	Maven-mysql:mysql-connector-java-5.1.26
	~~CVE-2020-2934~~	Maven-mysql:mysql-connector-java-5.1.26
	~~Missing_HSTS_Header~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/poc/poc2/analitc.js: 19
	~~Missing_HSTS_Header~~	/src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java: 55
	~~CVE-2017-3589~~	Maven-mysql:mysql-connector-java-5.1.26
	~~CVE-2020-2933~~	Maven-mysql:mysql-connector-java-5.1.26
	~~Heap_Inspection~~	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 33
	~~Missing_CSP_Header~~	/src/main/java/org/cysecurity/cspf/jvl/model/orm/poc/poc2/analitc.js: 19

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Upgrade mysql:mysql-connector-java from 5.1.26 to 5.1.49 #7

[Snyk] Upgrade mysql:mysql-connector-java from 5.1.26 to 5.1.49 #7

Uh oh!

Dobridp commented Mar 27, 2025

Uh oh!

msant262 commented Mar 27, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

[Snyk] Upgrade mysql:mysql-connector-java from 5.1.26 to 5.1.49 #7

Are you sure you want to change the base?

[Snyk] Upgrade mysql:mysql-connector-java from 5.1.26 to 5.1.49 #7

Uh oh!

Conversation

Dobridp commented Mar 27, 2025

Snyk has created this PR to upgrade mysql:mysql-connector-java from 5.1.26 to 5.1.49.

Issues fixed by the recommended upgrade:

Uh oh!

msant262 commented Mar 27, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants