
90 matches found

OSV
added 2024/04/10 3:30 p.m. | 1 views

GHSA-MQR2-W7WJ-JJGR mysql2 cache poisoning vulnerability

Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon : character within a value of the attacker-crafted key...

CVSS 6.9 | AI score 5.9 | EPSS 0.00744
Exploits: 1 | References: 6

vulnersOsv
added 2024/04/10 3:30 p.m. | 4 views

0data (=1.0.0), 1.1.1-version (=1.0.0) +8621 more potentially affected by CVE-2024-21509 via mysql2 (>=0.11.8 <=3.9.3)

mysql2 NPM version =0.11.8, =0.0.27, =1.0.0, =0.0.4, =0.0.1, =0.0.2, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.6 - @142vip/egg-grpc-client =0.0.1-alpha.4 and more Source cves: CVE-2024-21509 Source advisory: OSV:GHSA-49J4-86M8-Q2JW...

CVSS 6.5 | AI score 6.5 | EPSS 0.00962
Exploits: 1

OSV
added 2024/04/10 3:30 p.m. | 1 views

GHSA-49J4-86M8-Q2JW mysql2 vulnerable to Prototype Poisoning

Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js...

CVSS 6.9 | AI score 5.9 | EPSS 0.00962
Exploits: 1 | References: 8

vulnersOsv
added 2024/04/10 3:30 p.m. | 3 views

0data (=1.0.0), 1.1.1-version (=1.0.0) +8620 more potentially affected by CVE-2024-21507 via mysql2 (>=0.11.8 <=3.9.2)

mysql2 NPM version =0.11.8, =0.0.27, =1.0.0, =0.0.4, =0.0.1, =0.0.2, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.6 - @142vip/egg-grpc-client =0.0.1-alpha.4 and more Source cves: CVE-2024-21507 Source advisory: OSV:GHSA-MQR2-W7WJ-JJGR...

CVSS 6.5 | AI score 6.5 | EPSS 0.00744
Exploits: 1

Github Security Blog
added 2024/04/10 3:30 p.m. | 19 views

mysql2 vulnerable to Prototype Poisoning

Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js...

CVSS 6.5 | AI score 7 | EPSS 0.00962
Exploits: 1 | References: 8 | Affected Software: 1

Github Security Blog
added 2024/04/10 3:30 p.m. | 32 views

mysql2 cache poisoning vulnerability

Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon : character within a value of the attacker-crafted key...

CVSS 6.5 | AI score 7 | EPSS 0.00744
Exploits: 1 | References: 6 | Affected Software: 1

NVD
added 2024/04/10 5:15 a.m. | 19 views

CVE-2024-21507

Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon : character within a value of the attacker-crafted key...

CVSS 6.5 | AI score 6.3 | EPSS 0.00744
Exploits: 1 | References: 4

NVD
added 2024/04/10 5:15 a.m. | 9 views

CVE-2024-21509

Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js...

CVSS 6.5 | AI score 6.4 | EPSS 0.00962
Exploits: 1 | References: 6

OSV
added 2024/04/10 5:15 a.m. | 21 views

CVE-2024-21509

Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js...

CVSS 6.5 | AI score 6.8
Exploits: 0 | References: 6

Vulnrichment
added 2024/04/10 5:0 a.m. | 14 views

CVE-2024-21507

Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon : character within a value of the attacker-crafted key...

CVSS 6.5 | AI score 7 | EPSS 0.00744
Exploits: 1 | References: 4

CVE
added 2024/04/10 5:0 a.m. | 302 views

CVE-2024-21507

CVE-2024-21507 affects the mysql2 npm package: all versions before 3.9.3 are vulnerable due to improper input validation in the keyFromFields function, allowing cache poisoning via a colon (:) inside an attacker-crafted key value. Impact is described as confidentiality/integrity concerns in vario...

CVSS 6.5 | AI score 6.3 | EPSS 0.00744
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2024/04/10 5:0 a.m. | 22 views

CVE-2024-21507

Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon : character within a value of the attacker-crafted key...

CVSS 6.5 | AI score 6.6 | EPSS 0.00744
Exploits: 1 | References: 4

Cvelist
added 2024/04/10 5:0 a.m. | 15 views

CVE-2024-21509

Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js...

CVSS 6.5 | AI score 6.6 | EPSS 0.00962
Exploits: 1 | References: 6

Vulnrichment
added 2024/04/10 5:0 a.m. | 9 views

CVE-2024-21509

Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js...

CVSS 6.5 | AI score 6.7 | EPSS 0.00962
Exploits: 1 | References: 6

CVE
added 2024/04/10 5:0 a.m. | 292 views

CVE-2024-21509

The CVE-2024-21509 vulnerability affects the mysql2 package prior to version 3.9.4, as described across multiple sources. The root cause is Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser....

CVSS 6.5 | AI score 6.3 | EPSS 0.00962
Exploits: 1 | References: 6 | Affected Software: 1

Positive Technologies
added 2024/04/10 12:0 a.m. | 3 views

PT-2024-18922 · Mysql2 · Mysql2

Name of the Vulnerable Software and Affected Versions: mysql2 versions prior to 3.9.3 Description: The issue is related to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon : character within a value of the attacker-crafted...

CVSS 6.9 | AI score 6.3 | EPSS 0.00744
Exploits: 1 | References: 10

CNNVD
added 2024/04/10 12:0 a.m. | 3 views

MySQL2 Security Vulnerability

MySQL2 is a MySQL client for Node.js by the individual developer Andrey Sidorov. A security vulnerability exists in MySQL2 versions prior to 3.9.3, which stems from incorrect input validation via the keyFromFields function, leading to cache poisoning...

CVSS 6.5 | AI score 6.3 | EPSS 0.00744
Exploits: 1 | References: 5

Positive Technologies
added 2024/04/10 12:0 a.m. | 4 views

PT-2024-18923 · Mysql2 · Mysql2

Name of the Vulnerable Software and Affected Versions: mysql2 versions prior to 3.9.4 Description: The issue is related to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js...

CVSS 6.9 | AI score 6.2 | EPSS 0.00962
Exploits: 1 | References: 13

CNNVD
added 2024/04/10 12:0 a.m. | 5 views

MySQL2 Security Vulnerability

MySQL2 is a MySQL client for Node.js by the individual developer Andrey Sidorov. A security vulnerability exists in MySQL2 versions prior to 3.9.4 that stems from improper cleaning of user input...

CVSS 6.5 | AI score 6.3 | EPSS 0.00962
Exploits: 1 | References: 8

vulnersOsv
added 2024/04/08 9:29 a.m. | 3 views

0data (=1.0.0), 1.1.1-version (=1.0.0) +5440 more potentially affected by CVE-2024-21507 via mysql2 (>=3.0.0-rc.1 <=3.9.2)

mysql2 NPM version =3.0.0-rc.1, =1.0.0, =0.0.4, =0.0.1, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.4, =0.0.1-alpha.1, =0.1.6-alpha.2, =0.0.8, =0.0.166 and more Source cves: CVE-2024-21507 Source advisory: SNYK:JS-MYSQL2-6591300...

CVSS 6.5 | AI score 6.5 | EPSS 0.00744
Exploits: 1