
90 matches found

Snyk
added 2024/04/08 9:29 a.m., 2 views

Use of Web Browser Cache Containing Sensitive Information

Overview: mysql2 is mostly API compatible with mysqljs and supports the majority of features. Affected versions of this package are vulnerable to Use of Web Browser Cache Containing Sensitive Information through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon...

CVSS 6.5, AI score 6.8, EPSS 0.00744
Exploits: 1, References: 2
vulnersOsv
added 2024/04/07 4:57 p.m., 5 views

0data (=1.0.0), 1.1.1-version (=1.0.0) +5444 more potentially affected by CVE-2024-21508 via mysql2 (>=3.0.0-rc.1 <=3.9.3)

mysql2 NPM version =3.0.0-rc.1, =1.0.0, =0.0.4, =0.0.1, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.4, =0.0.1-alpha.1, =0.1.6-alpha.2, =0.0.8, =0.0.166 and more Source cves: CVE-2024-21508 Source advisory: SNYK:JS-MYSQL2-6591085...

CVSS 9.8, AI score 7.2, EPSS 0.02554
Exploits: 0
Snyk
added 2024/04/07 4:57 p.m., 2 views

Remote Code Execution (RCE)

Overview: mysql2 is mostly API compatible with mysqljs and supports the majority of features. Affected versions of this package are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values. PoC js sql:SELECT...

CVSS 9.8, AI score 7.4, EPSS 0.02554
Exploits: 0, References: 2
vulnersOsv
added 2024/04/03 5:3 p.m., 3 views

0data (=1.0.0), 1.1.1-version (=1.0.0) +5444 more potentially affected by CVE-2024-21509 via mysql2 (>=3.0.0-rc.1 <=3.9.3)

mysql2 NPM version =3.0.0-rc.1, =1.0.0, =0.0.4, =0.0.1, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.4, =0.0.1-alpha.1, =0.1.6-alpha.2, =0.0.8, =0.0.166 and more Source cves: CVE-2024-21509 Source advisory: SNYK:JS-MYSQL2-6591084...

CVSS 6.5, AI score 6.5, EPSS 0.00962
Exploits: 1
Snyk
added 2024/04/03 5:3 p.m., 2 views

Prototype Poisoning

Overview: mysql2 is mostly API compatible with mysqljs and supports the majority of features. Affected versions of this package are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in textparser.js and...

CVSS 6.5, AI score 7.2, EPSS 0.00962
Exploits: 1, References: 2
Rockylinux
added 2022/11/08 6:22 a.m., 24 views

3.1 bug fix and enhancement update

An update is available for rubygem-mysql2, rubygem-pg, rubygem-abrt, ruby. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in...

AI score 1.9
Exploits: 0
Rockylinux
added 2022/05/17 7:32 a.m., 17 views

new packages: rubygem-mysql2

An update is available for rubygem-mysql2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...

AI score 2.2
Exploits: 0
OSV
added 2022/05/14 1:49 a.m., 12 views

GHSA-QFWQ-CHF4-JVWG karo Metacharacter Handling Remote Command Execution

The karo gem through 2.5.2 for Ruby allows remote command injection via the host field. A flaw in db.rb is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands. In particular, lines 76 and 95 as of 2014-06-01 pass unsanitized user-supplied input to...

CVSS 9.8, AI score 10, EPSS 0.03537
Exploits: 1, References: 7
Rockylinux
added 2020/11/03 12:39 p.m., 15 views

2.5 bug fix update

An update is available for rubygem-bson, rubygem-mysql2, rubygem-bundler, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

AI score 1.8
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 13 views

GEDCOM_TO_MYSQL php/index.php nom_branche - Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/29048/info GEDCOMtoMySQL2 is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...

AI score 7.1
Exploits: 0