90 matches found
0data (=1.0.0), 1.1.1-version (=1.0.0) +8622 more potentially affected by CVE-2024-21511 via mysql2 (>=0.11.8 <=3.9.6)
mysql2 NPM version =0.11.8, =0.0.27, =1.0.0, =0.0.4, =0.0.1, =0.0.2, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.6 - @142vip/egg-grpc-client =0.0.1-alpha.4 and more Source cves: CVE-2024-21511 Source advisory: OSV:GHSA-4RCH-2FH8-94VW...
CVE-2024-21511
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...
CVE-2024-21511
Summary: The CVE-2024-21511 entry concerns the npm package mysql2, where versions before 3.9.7 are vulnerable to arbitrary code injection due to improper sanitization of the timezone parameter in the readCodeFor function, which triggers a native MySQL Server date/time function access. Affected s...
PT-2024-6583
Name of the Vulnerable Software and Affected Versions: mysql2 versions prior to 3.9.7. Description: The issue is related to improper sanitization of the timezone parameter in the readCodeFor function, which can lead to Arbitrary Code Injection when calling a native MySQL Server date/time function...
mysql2 security vulnerability
MySQL2 is a MySQL client for Node.js by Andrey Sidorov, an individual developer. A security vulnerability exists in mysql2 versions prior to 3.9.7, which stems from improper sanitization of the timezone parameter in the readCodeFor function, allowing arbitrary code injection by calling the native...
0data (=1.0.0), 1.1.1-version (=1.0.0) +5447 more potentially affected by CVE-2024-21511 via mysql2 (>=3.0.0-rc.1 <=3.9.6)
mysql2 NPM version =3.0.0-rc.1, =1.0.0, =0.0.4, =0.0.1, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.4, =0.0.1-alpha.1, =0.1.6-alpha.2, =0.0.8, =0.0.166 and more Source cves: CVE-2024-21511 Source advisory: SNYK:JS-MYSQL2-6670046...
Arbitrary Code Injection
Overview: mysql2 is mostly API compatible with mysqljs and supports the majority of features. Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time...
Remote Code Execution (RCE)
mysql2 is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation of supportBigNumbers and bigNumberStrings values within the readCodeFor function, which allows an attacker to execute arbitrary code...
The vulnerability of the readCodeFor function in the mysql2 library allows a hacker to execute arbitrary code.
The vulnerability of the readCodeFor function in the mysql2 database library is related to improper code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Prototype Pollution
mysql2 is vulnerable to Prototype Pollution. The vulnerability is due to insecure object creation and improper user input sanitization which is passed through the parserFn method in both textparser.js and binaryparser.js...
Cache Poisoning
mysql2 is vulnerable to cache poisoning. The vulnerability is due to insufficient validation of user-supplied input within the keyFromFields function, allowing an attacker to inject a colon (:) character within a value of the attacker-crafted key, which results in cache poisoning...
CVE-2024-21509
A prototype pollution vulnerability was found in mysql2. Insecure results in object creation and improper user input sanitization can lead to prototype poisoning. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Securit...
GHSA-FPW7-J2HG-69V5 mysql2 Remote Code Execution (RCE) via the readCodeFor function
Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values...
0data (=1.0.0), 1.1.1-version (=1.0.0) +8621 more potentially affected by CVE-2024-21508 via mysql2 (>=0.11.8 <=3.9.3)
mysql2 NPM version =0.11.8, =0.0.27, =1.0.0, =0.0.4, =0.0.1, =0.0.2, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.6 - @142vip/egg-grpc-client =0.0.1-alpha.4 and more Source cves: CVE-2024-21508 Source advisory: OSV:GHSA-FPW7-J2HG-69V5...
mysql2 Remote Code Execution (RCE) via the readCodeFor function
Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values...
CVE-2024-21507
A flaw was found in the MySQL2 npm package. Affected versions of this package are vulnerable to improper input validation through the keyFromFields function, resulting in cache poisoning. This flaw allows an attacker to inject a colon (:) character within a value of the attacker-crafted key...
CVE-2024-21508
Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values...
PT-2024-2756
Name of the Vulnerable Software and Affected Versions: mysql2 versions prior to 3.9.4. Description: The issue is related to the readCodeFor function in the mysql2 package, which is vulnerable to Remote Code Execution (RCE) due to improper validation of the supportBigNumbers and bigNumberStrings values...