90 matches found

vulnersOsv
added 2024/04/23 6:30 a.m., 3 views

0data (=1.0.0), 1.1.1-version (=1.0.0) +8622 more potentially affected by CVE-2024-21511 via mysql2 (>=0.11.8 <=3.9.6)

mysql2 NPM version =0.11.8, =0.0.27, =1.0.0, =0.0.4, =0.0.1, =0.0.2, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.6 - @142vip/egg-grpc-client =0.0.1-alpha.4 and more Source cves: CVE-2024-21511 Source advisory: OSV:GHSA-4RCH-2FH8-94VW...

CVSS 9.8, AI score 7.2, EPSS 0.01025
Exploits: 0

OSV
added 2024/04/23 5:15 a.m., 16 views

CVE-2024-21511

Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...

CVSS 9.8, AI score 7.4
Exploits: 0, References: 4

NVD
added 2024/04/23 5:15 a.m., 13 views

CVE-2024-21511

Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...

CVSS 9.8, AI score 9.6, EPSS 0.01025
Exploits: 0, References: 4

CVE
added 2024/04/23 5:0 a.m., 379 views

CVE-2024-21511

Summary: The CVE-2024-21511 entry concerns the npm package mysql2, where versions before 3.9.7 are vulnerable to arbitrary code injection due to improper sanitization of the timezone parameter in the readCodeFor function, which triggers a native MySQL Server date/time function access. Affected s...

CVSS 9.8, AI score 6.8, EPSS 0.01025
Exploits: 0, References: 4

Positive Technologies
added 2024/04/23 12:0 a.m., 4 views

PT-2024-6583

Name of the Vulnerable Software and Affected Versions: mysql2 versions prior to 3.9.7 Description: The issue is related to improper sanitization of the timezone parameter in the readCodeFor function, which can lead to Arbitrary Code Injection when calling a native MySQL Server date/time function...

CVSS 10, AI score 8.8, EPSS 0.01025
Exploits: 0, References: 11

CNNVD
added 2024/04/23 12:0 a.m., 3 views

mysql2 Security Vulnerability

MySQL2 is a MySQL client for Node.js by Andrey Sidorov, an individual developer. A security vulnerability exists in mysql2 versions prior to 3.9.7, which originates from an arbitrary code injection via improper sanitization of the timezone parameter in the readCodeFor function by calling the native...

CVSS 9.8, AI score 7.6, EPSS 0.01025
Exploits: 0, References: 5

vulnersOsv
added 2024/04/21 11:12 a.m., 3 views

0data (=1.0.0), 1.1.1-version (=1.0.0) +5447 more potentially affected by CVE-2024-21511 via mysql2 (>=3.0.0-rc.1 <=3.9.6)

mysql2 NPM version =3.0.0-rc.1, =1.0.0, =0.0.4, =0.0.1, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.4, =0.0.1-alpha.1, =0.1.6-alpha.2, =0.0.8, =0.0.166 and more Source cves: CVE-2024-21511 Source advisory: SNYK:JS-MYSQL2-6670046...

CVSS 9.8, AI score 7.2, EPSS 0.01025
Exploits: 0

Snyk
added 2024/04/21 11:12 a.m., 1 views

Arbitrary Code Injection

Overview: mysql2 is mostly API compatible with mysqljs and supports the majority of features. Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time...

CVSS 9.8, AI score 7.1, EPSS 0.01025
Exploits: 0, References: 2

Veracode
added 2024/04/15 3:50 a.m., 33 views

Remote Code Execution (RCE)

mysql2 is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation of supportBigNumbers and bigNumberStrings values within the readCodeFor function, which allows an attacker to execute arbitrary code...

CVSS 9.8, AI score 8, EPSS 0.02554
Exploits: 0, References: 5, Affected Software: 1

BDU FSTEC
added 2024/04/15 12:0 a.m., 5 views

The vulnerability of the readCodeFor function in the mysql2 library allows a hacker to execute arbitrary code.

The vulnerability of the readCodeFor function in the mysql2 database library is related to improper code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10, AI score 8.2, EPSS 0.02554
Exploits: 0, References: 8, Affected Software: 1

Veracode
added 2024/04/12 12:27 p.m., 16 views

Prototype Pollution

mysql2 is vulnerable to Prototype Pollution. The vulnerability is due to insecure object creation and improper user input sanitization which is passed through the parserFn method in both textparser.js and binaryparser.js...

CVSS 6.5, AI score 7, EPSS 0.00962
Exploits: 1, References: 5, Affected Software: 1

Veracode
added 2024/04/12 12:15 p.m., 16 views

Cache Poisoning

mysql2 is vulnerable to cache poisoning. The vulnerability is due to insufficient validation of user-supplied input within the keyFromFields function, allowing an attacker to inject a colon (:) character within a value of the attacker-crafted key, which results in cache poisoning...

CVSS 6.5, AI score 6.9, EPSS 0.00744
Exploits: 1, References: 3, Affected Software: 1

RedhatCVE
added 2024/04/11 11:5 a.m., 43 views

CVE-2024-21509

A prototype pollution vulnerability was found in mysql2. Insecure results in object creation and improper user input sanitization can lead to prototype poisoning. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Securit...

CVSS 6.5, AI score 6.2, EPSS 0.00962
Exploits: 1, References: 6

OSV
added 2024/04/11 6:30 a.m., 2 views

GHSA-FPW7-J2HG-69V5 mysql2 Remote Code Execution (RCE) via the readCodeFor function

Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values...

CVSS 9.8, AI score 6, EPSS 0.02554
Exploits: 0, References: 8

vulnersOsv
added 2024/04/11 6:30 a.m., 4 views

0data (=1.0.0), 1.1.1-version (=1.0.0) +8621 more potentially affected by CVE-2024-21508 via mysql2 (>=0.11.8 <=3.9.3)

mysql2 NPM version =0.11.8, =0.0.27, =1.0.0, =0.0.4, =0.0.1, =0.0.2, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.6 - @142vip/egg-grpc-client =0.0.1-alpha.4 and more Source cves: CVE-2024-21508 Source advisory: OSV:GHSA-FPW7-J2HG-69V5...

CVSS 9.8, AI score 7.2, EPSS 0.02554
Exploits: 0

Github Security Blog
added 2024/04/11 6:30 a.m., 37 views

mysql2 Remote Code Execution (RCE) via the readCodeFor function

Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values...

CVSS 9.8, AI score 7.8, EPSS 0.02554
Exploits: 0, References: 8, Affected Software: 1

RedhatCVE
added 2024/04/11 5:51 a.m., 25 views

CVE-2024-21507

A flaw was found in the MySQL2 npm package. Affected versions of this package are vulnerable to improper input validation through the keyFromFields function, resulting in cache poisoning. This flaw allows an attacker to inject a colon (:) character within a value of the attacker-crafted key...

CVSS 6.5, AI score 6.1, EPSS 0.00744
Exploits: 1, References: 4

OSV
added 2024/04/11 5:15 a.m., 15 views

CVE-2024-21508

Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values...

CVSS 9.8, AI score 7.5
Exploits: 0, References: 6

Vulnrichment
added 2024/04/11 5:0 a.m., 17 views

CVE-2024-21508

Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values...

CVSS 9.8, AI score 7.4, EPSS 0.02554
Exploits: 0, References: 6

Positive Technologies
added 2024/04/11 12:0 a.m., 3 views

PT-2024-2756

Name of the Vulnerable Software and Affected Versions: mysql2 versions prior to 3.9.4 Description: The issue is related to the readCodeFor function in the mysql2 package, which is vulnerable to Remote Code Execution (RCE) due to improper validation of the supportBigNumbers and bigNumberStrings values...

CVSS 10, AI score 8.9, EPSS 0.02554
Exploits: 0, References: 15