MySQL Forums

Patches for CVE-2024-21090 and CVE-2024-21170
Posted by: Daniel Leidert
Date: September 29, 2024 11:19AM

I'm trying to identify the patches for CVE-2024-21090 and CVE-2024-21170. The former was fixed in release 8.4.0 of the Python version of the connector. The latter in version 9.0.0. None of the CVEs gives much indication of what the real problem was, and the commits don't mention the CVEs. The patches I spotted that might be related are:

https://github.com/mysql/mysql-connector-python/commit/f3e285e78945d53405698c1077251e042121dfe5 (CVE-2024-21090)

https://github.com/mysql/mysql-connector-python/commit/1e799824c308f9ba4a22f0f4a9b340419b6b0f22 (CVE-2024-21170)

I'd appreciate it if anybody could verify that these are indeed the patches for the mentioned vulnerabilities.
