Lucene search

GitHub Advisory DatabaseGHSA-F982-MXWC-3MRX

HistoryMay 24, 2022 - 4:53 p.m.

MySQL for Node.js Unsafe Options

2022-05-2416:53:05

CWE-200

GitHub Advisory Database

github.com

node.js

mysql

security issue

load data local infile

open by default

software

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

12.6%

JSON

An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default.

Affected configurations

Vulners

Node

mysqlmysqlMatch2.17.1

VendorProductVersionCPE
mysqlmysql2.17.1cpe:2.3:a:mysql:mysql:2.17.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mysql	mysql	2.17.1	cpe:2.3:a:mysql:mysql:2.17.1:::::::*

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=934712&gt

github.com/advisories/GHSA-f982-mxwc-3mrx

github.com/mysqljs/mysql/commit/337e87ae5fcea3667864197c65dc758517fcde06

github.com/mysqljs/mysql/issues/2471

nvd.nist.gov/vuln/detail/CVE-2019-14939

web.archive.org/web/20190812004403/https://github.com/mysqljs/mysql/issues/2257

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

12.6%

JSON

Related for GHSA-F982-MXWC-3MRX