What is CVE-2024-21090?

A high-severity vulnerability in Oracle MySQL Connector/Python allows unauthenticated network attackers to cause denial-of-service. Organizations should prioritize patching immediately to mitigate risks.

What is the severity of CVE-2024-21090?

CVE-2024-21090 has a severity rating of HIGH with a CVSS base score of 7.5.

CVE-2024-21090 | High Vulnerability in Oracle MySQL Connector/Python

CVE-2024-21090 is a high-severity vulnerability affecting the MySQL Connectors product of Oracle MySQL, particularly the Connector/Python component. This vulnerability allows unauthenticated attackers with network access to exploit the connectors using multiple protocols. The successful exploitation of this vulnerability can lead to a denial-of-service (DoS) condition, causing the MySQL Connectors to hang or crash repeatedly. The CVSS 3.1 Base Score for this vulnerability is 7.5, indicating a significant impact on availability.

The vulnerability affects all supported versions of the MySQL Connector/Python up to and including version 8.3.0. Given the ease of exploitation and the potential for substantial disruption, organizations relying on these connectors should take immediate action to address this issue. The urgency for defenders is high, and they should prioritize patching this vulnerability to mitigate risks associated with potential attacks.

As of now, there are no known public exploits or proof-of-concept (PoC) available for CVE-2024-21090. However, the vulnerability's characteristics suggest that it could be exploited easily by attackers, making it crucial for organizations to remain vigilant and apply the necessary patches as soon as they are available.

Organizations should monitor their systems for any unusual behavior or signs of exploitation. Effective risk management and prompt remediation are essential to maintain the integrity and availability of critical systems.

Vulnerability Details

CVE-2024-21090 is classified as a vulnerability in the MySQL Connectors product of Oracle MySQL, specifically within the Connector/Python component. The official description states that this vulnerability affects versions 8.3.0 and earlier, allowing unauthenticated attackers to compromise MySQL Connectors through network access using multiple protocols. The result of a successful attack can lead to a denial-of-service condition, causing the connectors to hang or crash repeatedly. The CVSS score of 7.5 indicates a high severity level due to its availability impacts.

The CVSS vector for this vulnerability is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting that it has a network attack vector, low complexity, and does not require any privileges or user interaction to exploit. The availability impact is rated as high, which is critical for organizations relying on the MySQL Connectors for their operations.

The vulnerability was published on April 16, 2024, and is classified under the 'Analyzed' status. Organizations using affected versions should monitor for updates and apply any patches provided by Oracle to secure their systems.

Technical Analysis

The root cause of CVE-2024-21090 lies in the MySQL Connectors' handling of network protocols, which allows unauthenticated attackers to exploit the system without requiring any credentials. The attack vector is classified as network-based, meaning that the attacker can initiate the exploitation from any location with network access to the vulnerable connectors.

The attack complexity is rated as low, indicating that the vulnerability can be exploited easily without any specialized knowledge or skills. No privileges are required for an attacker to successfully exploit this vulnerability, and no user interaction is needed, increasing the risk of exploitation.

In terms of impact, the confidentiality and integrity impacts are rated as none, while the availability impact is high. This means that while the data itself remains secure, the ability to access the MySQL Connectors may be compromised, resulting in significant downtime or service interruptions.

Risk & Impact Analysis

The real-world risk posed by CVE-2024-21090 to organizations is substantial. Given that this vulnerability can be exploited by unauthenticated attackers over the network, the potential for widespread disruption is significant. Organizations using the affected MySQL Connectors may experience complete denial-of-service conditions, which can lead to loss of availability of critical services and applications relying on these components.

The blast radius for this vulnerability is considerable, as it affects all versions of the MySQL Connector/Python up to and including 8.3.0. Organizations that have not yet implemented the necessary patches are at risk of experiencing service outages, which can have cascading effects across their operational environments.

Based on the CVSS score and the characteristics of this vulnerability, organizations should prioritize remediation efforts. The urgency of addressing this vulnerability is high, given its ease of exploitation and the potential for significant operational impact.

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions of the MySQL Connector/Python include all versions up to and including 8.3.0. Organizations should ensure that they are using the latest patched versions to secure their systems against this vulnerability.

Mitigation & Remediation

Oracle has provided patches for this vulnerability, and it is essential for organizations to apply these updates immediately. Organizations should validate remediation through penetration testing to identify similar weaknesses. Additionally, organizations may consider implementing network controls to restrict access to MySQL Connectors and monitor for unusual activities.

Detection Guidance

To detect potential exploitation attempts, organizations should monitor their logs for indicators of unusual access patterns or spikes in traffic targeting the MySQL Connectors. Behavioral anomalies, such as unexpected crashes or hangs, should also be investigated promptly.

AppSecure Threat Intelligence Insight

CVE-2024-21090 represents a concerning trend in vulnerabilities affecting widely used database connectors. Organizations must recognize the importance of proactive security measures. Regular security assessments, including penetration testing methodologies, can help identify and remediate such vulnerabilities before they are exploited. Additionally, organizations should stay informed about emerging threats and regularly update their systems to protect against exploitation.

In conclusion, addressing CVE-2024-21090 is critical for maintaining the security and availability of systems reliant on Oracle MySQL Connector/Python. Organizations should prioritize patching and consider implementing additional security measures to defend against potential attacks.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2024-21090: High Vulnerability in Oracle MySQL Connector/Python