CVE-2024-21512 – mysql2
Package
Manager: npm
Name: mysql2
Vulnerable Version: >=0 <3.9.8
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
EPSS: 0.68341 (percentile: 0.98555)
Details
mysql2 vulnerable to Prototype Pollution
Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper sanitization of user input passed to fields and tables when using nestTables.
Metadata
Created: 2024-05-30T18:34:32Z
Modified: 2024-06-06T16:49:01Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-pmh2-wpjm-fj45/GHSA-pmh2-wpjm-fj45.json
CWE IDs: ["CWE-1321"]
Alternative ID: GHSA-pmh2-wpjm-fj45
Finding: F390
Auto approve: 1