Use of Web Browser Cache Containing Sensitive Information
Overview: mysql2 is mostly API-compatible with mysqljs and supports the majority of its features. Affected versions of this package are vulnerable to Use of Web Browser Cache Containing Sensitive Information through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon...
0data (=1.0.0), 1.1.1-version (=1.0.0) +5444 more potentially affected by CVE-2024-21508 via mysql2 (>=3.0.0-rc.1 <=3.9.3)
mysql2 NPM version =3.0.0-rc.1, =1.0.0, =0.0.4, =0.0.1, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.4, =0.0.1-alpha.1, =0.1.6-alpha.2, =0.0.8, =0.0.166 and more Source cves: CVE-2024-21508 Source advisory: SNYK:JS-MYSQL2-6591085...
Remote Code Execution (RCE)
Overview: mysql2 is mostly API-compatible with mysqljs and supports the majority of its features. Affected versions of this package are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values. PoC js sql:SELECT...
0data (=1.0.0), 1.1.1-version (=1.0.0) +5444 more potentially affected by CVE-2024-21509 via mysql2 (>=3.0.0-rc.1 <=3.9.3)
mysql2 NPM version =3.0.0-rc.1, =1.0.0, =0.0.4, =0.0.1, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.4, =0.0.1-alpha.1, =0.1.6-alpha.2, =0.0.8, =0.0.166 and more Source cves: CVE-2024-21509 Source advisory: SNYK:JS-MYSQL2-6591084...
Prototype Poisoning
Overview: mysql2 is mostly API-compatible with mysqljs and supports the majority of its features. Affected versions of this package are vulnerable to Prototype Poisoning due to insecure results object creation and improper sanitization of user input passed through parserFn in textparser.js and...
3.1 bug fix and enhancement update
An update is available for rubygem-mysql2, rubygem-pg, rubygem-abrt, ruby. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in...
new packages: rubygem-mysql2
An update is available for rubygem-mysql2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
GHSA-QFWQ-CHF4-JVWG karo Metacharacter Handling Remote Command Execution
The karo gem through 2.5.2 for Ruby allows remote command injection via the host field. A flaw in db.rb is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands. In particular, lines 76 and 95 as of 2014-06-01 pass unsanitized user-supplied input to...
2.5 bug fix update
An update is available for rubygem-bson, rubygem-mysql2, rubygem-bundler, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
GEDCOM_TO_MYSQL php/index.php nom_branche - Parameter XSS
No description provided by source. Source: http://www.securityfocus.com/bid/29048/info. GEDCOMtoMySQL2 is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...