MySQL Vulnerability Handling: Process Manual for Upgrading to Version 5.7.42

1. Background

During a security scan, a large number of MySQL vulnerabilities were found. The affected instances are MySQL servers for intranet use, and the versions are indeed a bit old. After considering an upgrade and a comprehensive analysis of the vulnerabilities, I can only upgrade to the latest versions, 5.7.42 and 8.0.33. On-site environment: MySQL 5.7.28, 5.7.20 and MySQL 8.0.21.

| Vulnerability number | Vulnerability description |
| --- | --- |
| CVE-2023-21912 | Security vulnerability in the Server: Security: Privileges component of MySQL 5.7.41 and earlier versions and 8.0.30 and earlier versions |
| CVE-2022-37434 | Security vulnerability in the Server: InnoDB (zlib) component of MySQL 5.7.41 and earlier versions and 8.0.31 and earlier versions |
| CVE-2022-32221 | Incorrect input validation in the Server: Packaging (cURL) component of MySQL Server 5.7.40 and earlier |
| CVE-2023-21980 | Security vulnerability in the Client programs component of MySQL 5.7.41 and earlier versions and 8.0.32 and earlier versions |
| CVE-2022-43551 | Security vulnerability in the Server: Packaging (cURL) component of MySQL 5.7.41 and earlier versions and 8.0.32 and earlier versions |
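A version triage check built from the table above, as an added example that is not part of the original post: it parses version strings as returned by `SELECT VERSION()`, reports which of the listed CVEs apply, and says whether the instance is below the 5.7.42 / 8.0.33 targets. The bounds are copied from the table; the function names and the build suffixes in the sample inventory are constructed for illustration.

```python
import re

# Highest affected release per branch, exactly as stated in the table above.
# None means the page gives no bound for that branch.
AFFECTED_UP_TO = {
    "CVE-2023-21912": {"5.7": (5, 7, 41), "8.0": (8, 0, 30)},
    "CVE-2022-37434": {"5.7": (5, 7, 41), "8.0": (8, 0, 31)},
    "CVE-2022-32221": {"5.7": (5, 7, 40), "8.0": None},
    "CVE-2023-21980": {"5.7": (5, 7, 41), "8.0": (8, 0, 32)},
    "CVE-2022-43551": {"5.7": (5, 7, 41), "8.0": (8, 0, 32)},
}
# Upgrade targets named in the Background section.
TARGET = {"5.7": (5, 7, 42), "8.0": (8, 0, 33)}


def parse_version(raw):
    """Parse SELECT VERSION() output such as '5.7.28-log' into (5, 7, 28)."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", raw)
    if not m:
        raise ValueError(f"unrecognised MySQL version string: {raw!r}")
    return tuple(int(p) for p in m.groups())


def triage(raw):
    """Return (affected CVEs, CVEs with no stated bound, needs_upgrade)."""
    ver = parse_version(raw)
    branch = f"{ver[0]}.{ver[1]}"
    if branch not in TARGET:
        raise ValueError(f"branch {branch} is not covered by the table")
    affected, unstated = [], []
    for cve, bounds in AFFECTED_UP_TO.items():
        bound = bounds[branch]
        if bound is None:
            unstated.append(cve)      # the table gives no bound for this branch
        elif ver <= bound:
            affected.append(cve)      # at or below the last affected release
    return affected, unstated, ver < TARGET[branch]


if __name__ == "__main__":
    # Constructed inventory: the on-site versions from the Background section,
    # one with a typical build suffix, plus an already-upgraded host.
    for raw in ["5.7.28-log", "5.7.20", "8.0.21", "5.7.42"]:
        affected, unstated, upgrade = triage(raw)
        print(f"{raw:12} upgrade={upgrade} affected={affected} unstated={unstated}")
```

CVEs returned in the second list are ones for which the table states no bound on that branch, so they need a manual check rather than being treated as not applicable.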

Appendix: [difference between MySQL 5.7 and MySQL 8.0](https://www.cnblogs.com/harda/p/16497988.html), MySQL 8 manual

Origin blog.csdn.net/ximenjianxue/article/details/131301015