Vulnerability DatabaseCVE-2024-21170

CVE-2024-21170:
MySQL Connector Python vulnerability analysis and mitigation

Overview

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python) affects versions 8.4.0 and prior. This easily exploitable vulnerability allows low privileged attackers with network access via multiple protocols to compromise MySQL Connectors (Oracle Advisory).

Technical details

The vulnerability has been assigned a CVSS 3.1 Base Score of 6.3 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L. The scoring indicates network attack vector, low attack complexity, requires low privileges, no user interaction, and unchanged scope with low impacts to confidentiality, integrity, and availability (Oracle Advisory).

Impact

Successful exploitation can result in unauthorized update, insert or delete access to some MySQL Connectors accessible data, unauthorized read access to a subset of MySQL Connectors accessible data, and unauthorized ability to cause a partial denial of service of MySQL Connectors (Oracle Advisory).

Mitigation and workarounds

Oracle strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay. The vulnerability is fixed in versions after 8.4.0 (Oracle Advisory).

Additional resources

Source: This report was generated using AI

Related MySQL Connector Python vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2019-2435	HIGH	8.1	Python	cpe:2.3:a:oracle:mysql_connectors	No	Yes	Jan 16, 2019
CVE-2024-21090	HIGH	7.5	MySQL	mysql-server	No	Yes	Apr 16, 2024
CVE-2025-21548	MEDIUM	6.4	MySQL Connector Python	cpe:2.3:a:oracle:mysql_connector\/python	No	Yes	Jan 21, 2025
CVE-2024-21170	MEDIUM	6.3	MySQL Connector Python	mysql-connector-python	No	Yes	Jul 16, 2024
CVE-2019-2920	MEDIUM	5.3	MySQL	mysql	No	Yes	Oct 16, 2019