Which version and edition of Flyway are you using?
If this is not the latest version, can you reproduce the issue with the latest one as well?
This is the latest version
Which client are you using? (Command-line, Java API, Maven plugin, Gradle plugin)
Command-line, Java API, Maven Plug-in
Which database are you using (type & version)?
Which operating system are you using?
Docker on CentOS
What did you do?
A security scan was performed on our application, which uses Flyway.
The following vulnerability has been reported on flywaydb by our Sonatype Nexus IQ Scanner during an internal security scan. Please confirm whether flywaydb is impacted by this. If yes, can you please update the jar and share a timeline for the same?
If flywaydb is not impacted, then please provide your comments on why it is not impacted.
Details of the Vulnerability Description from CVE
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
flyway-commandline-6.0.0-beta2-linux-x64.tar.gz <= mysql-connector-java-8.0.12.jar : ( , 8.0.12]