Our SAST scanner has reported that CVE-2017-15945 (https://bugs.gentoo.org/630822) is impacting the .NET 5 connector that we use (https://www.nuget.org/packages/MySql.EntityFrameworkCore/, version 5.0.5). I do not have more information on how the SAST scanner looks for the vulnerabilities, but I do not see any direct impact on the connector, since the CVE refers to the MySQL Server installer. Does anyone see any connection between the two, or should I consider it a false positive? Thank you!

  • see: https://nvd.nist.gov/vuln/detail/CVE-2017-15945 (conclusion: not a false positive) – Luuk Mar 21 '22 at 14:21
  • But the vulnerability addresses the MySQL Server, right? Not the connector itself. – Florin Nedelcu Mar 21 '22 at 14:46
  • The vulnerability says: "The **installation scripts** in the Gentoo ..... before 2017-09-29 have chown calls". So you should take care, when re-installing those... – Luuk Mar 21 '22 at 15:40

0 Answers