Re: CVE-2024-7254
CVE-2024-7254 is currently in "awaiting analysis" state.
However, Connector/J users should not be affected by it. Definitely not if using the JDBC implementation (protobuf not used there), and probably not affected if using the X DevAPI.
Nevertheless, third party dependencies are updated regularly and protobuf-java shall be updated soon. On the other hand, you can override this dependency yourself and just use the latest version of the library.
Subject
Written By
Posted
September 23, 2024 01:54AM
Re: CVE-2024-7254
October 28, 2024 08:36AM
Sorry, only registered users may post in this forum.
Content reproduced on this site is the property of the respective copyright holders.
It is not reviewed in advance by Oracle and does not necessarily represent the opinion
of Oracle or any other party.