8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
6.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%
Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.
gist.github.com/domdomi3/e9f0f9b9b1ed6bfbbc0bea87c5ca1e4a
github.com/sidorares/node-mysql2
github.com/sidorares/node-mysql2/commit/efe3db527a2c94a63c2d14045baba8dfefe922bc
github.com/sidorares/node-mysql2/pull/2702
nvd.nist.gov/vuln/detail/CVE-2024-21512
security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-7176010
security.snyk.io/vuln/SNYK-JS-MYSQL2-6861580
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
6.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%