Meituan-Dianping/Zebra

There is a vulnerability in mysql-connector-java 5.1.40 ,upgrade recommended

QiAnXinCodeSafe opened this issue · 0 comments

QiAnXinCodeSafe commented

Zebra/zebra-admin-web/pom.xml

Lines 94 to 98 in 33d74b8

<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.40</version>
</dependency>

CVE-2017-3523 CVE-2018-3258 CVE-2019-2692 CVE-2020-2875 CVE-2020-2934

Recommended upgrade version:8.0.20