90 matches found
GHSA-MQR2-W7WJ-JJGR mysql2 cache poisoning vulnerability
Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon : character within a value of the attacker-crafted key...
0data (=1.0.0), 1.1.1-version (=1.0.0) +8621 more potentially affected by CVE-2024-21509 via mysql2 (>=0.11.8 <=3.9.3)
mysql2 NPM version =0.11.8, =0.0.27, =1.0.0, =0.0.4, =0.0.1, =0.0.2, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.6 - @142vip/egg-grpc-client =0.0.1-alpha.4 and more Source cves: CVE-2024-21509 Source advisory: OSV:GHSA-49J4-86M8-Q2JW...
GHSA-49J4-86M8-Q2JW mysql2 vulnerable to Prototype Poisoning
Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in textparser.js and binaryparser.js...
0data (=1.0.0), 1.1.1-version (=1.0.0) +8620 more potentially affected by CVE-2024-21507 via mysql2 (>=0.11.8 <=3.9.2)
mysql2 NPM version =0.11.8, =0.0.27, =1.0.0, =0.0.4, =0.0.1, =0.0.2, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.6 - @142vip/egg-grpc-client =0.0.1-alpha.4 and more Source cves: CVE-2024-21507 Source advisory: OSV:GHSA-MQR2-W7WJ-JJGR...
mysql2 vulnerable to Prototype Poisoning
Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in textparser.js and binaryparser.js...
mysql2 cache poisoning vulnerability
Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon : character within a value of the attacker-crafted key...
CVE-2024-21507
Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon : character within a value of the attacker-crafted key...
CVE-2024-21509
Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in textparser.js and binaryparser.js...
CVE-2024-21509
Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in textparser.js and binaryparser.js...
CVE-2024-21507
Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon : character within a value of the attacker-crafted key...
CVE-2024-21507
CVE-2024-21507 affects the mysql2 npm package: all versions before 3.9.3 are vulnerable due to improper input validation in the keyFromFields function, allowing cache poisoning via a colon (:) inside an attacker-crafted key value. Impact is described as confidentiality/integrity concerns in vario...
CVE-2024-21507
Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon : character within a value of the attacker-crafted key...
CVE-2024-21509
Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in textparser.js and binaryparser.js...
CVE-2024-21509
Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in textparser.js and binaryparser.js...
CVE-2024-21509
The CVE-2024-21509 vulnerability affects the mysql2 package prior to version 3.9.4, as described across multiple sources. The root cause is Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser....
PT-2024-18922 · Mysql2 · Mysql2
Name of the Vulnerable Software and Affected Versions: mysql2 versions prior to 3.9.3 Description: The issue is related to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon : character within a value of the attacker-crafted...
MySQL2 安全漏洞
MySQL2 is a MySQL client for Node.js by the individual developer Andrey Sidorov. A security vulnerability exists in MySQL2 versions prior to 3.9.3, which stems from incorrect input validation via the keyFromFields function, leading to cache poisoning...
PT-2024-18923 · Mysql2 · Mysql2
Name of the Vulnerable Software and Affected Versions: mysql2 versions prior to 3.9.4 Description: The issue is related to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text parser.js and binary parser.js...
MySQL2 安全漏洞
MySQL2 is a MySQL client for Node.js by the individual developer Andrey Sidorov. A security vulnerability exists in MySQL2 versions prior to 3.9.4 that stems from improper cleaning of user input...
0data (=1.0.0), 1.1.1-version (=1.0.0) +5440 more potentially affected by CVE-2024-21507 via mysql2 (>=3.0.0-rc.1 <=3.9.2)
mysql2 NPM version =3.0.0-rc.1, =1.0.0, =0.0.4, =0.0.1, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.4, =0.0.1-alpha.1, =0.1.6-alpha.2, =0.0.8, =0.0.166 and more Source cves: CVE-2024-21507 Source advisory: SNYK:JS-MYSQL2-6591300...