Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-hcw3-ymdx-pfas
Vulnerability ID VCID-hcw3-ymdx-pfas
Aliases CVE-2024-21272
GHSA-hgjp-83m4-h4fj
Summary MySQL Connector/Python connector takeover vulnerability Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 9.0.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00915 https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss 0.00915 https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss 0.00915 https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss 0.00915 https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss 0.00915 https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss 0.00915 https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss 0.00915 https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss 0.00915 https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss 0.00915 https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss 0.00915 https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss 0.00915 https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss 0.00915 https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss 0.00915 https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss 0.00915 https://api.first.org/data/v1/epss?cve=CVE-2024-21272
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-hgjp-83m4-h4fj
cvssv3.1 7.5 https://github.com/mysql/mysql-connector-python
cvssv4 7.7 https://github.com/mysql/mysql-connector-python
generic_textual HIGH https://github.com/mysql/mysql-connector-python
cvssv3.1 7.5 https://github.com/mysql/mysql-connector-python/commit/e6b927af06e8a85bd3754f602df96a5592b4558c
cvssv4 7.7 https://github.com/mysql/mysql-connector-python/commit/e6b927af06e8a85bd3754f602df96a5592b4558c
generic_textual HIGH https://github.com/mysql/mysql-connector-python/commit/e6b927af06e8a85bd3754f602df96a5592b4558c
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-21272
cvssv4 7.7 https://nvd.nist.gov/vuln/detail/CVE-2024-21272
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2024-21272
cvssv3.1 7.5 https://www.oracle.com/security-alerts/cpuoct2024.html
cvssv4 7.7 https://www.oracle.com/security-alerts/cpuoct2024.html
generic_textual HIGH https://www.oracle.com/security-alerts/cpuoct2024.html
ssvc Track https://www.oracle.com/security-alerts/cpuoct2024.html
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-21272
https://github.com/mysql/mysql-connector-python
https://github.com/mysql/mysql-connector-python/commit/e6b927af06e8a85bd3754f602df96a5592b4558c
https://nvd.nist.gov/vuln/detail/CVE-2024-21272
https://www.oracle.com/security-alerts/cpuoct2024.html
1085297 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085297
cpe:2.3:a:oracle:mysql_connector\/python:9.0.0_and_prior:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:mysql_connector\/python:9.0.0_and_prior:*:*:*:*:*:*:*
GHSA-hgjp-83m4-h4fj https://github.com/advisories/GHSA-hgjp-83m4-h4fj
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/mysql/mysql-connector-python
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/mysql/mysql-connector-python
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/mysql/mysql-connector-python/commit/e6b927af06e8a85bd3754f602df96a5592b4558c
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/mysql/mysql-connector-python/commit/e6b927af06e8a85bd3754f602df96a5592b4558c
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-21272
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-21272
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpuoct2024.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://www.oracle.com/security-alerts/cpuoct2024.html
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T20:31:30Z/ Found at https://www.oracle.com/security-alerts/cpuoct2024.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.75845
EPSS Score 0.00915
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:49:24.565242+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-hgjp-83m4-h4fj/GHSA-hgjp-83m4-h4fj.json 38.0.0