2 matches found
0data (=1.0.0), 1.1.1-version (=1.0.0) +5428 more potentially affected by CVE-2024-21512 via mysql2 (>=3.0.0-rc.1 <=3.9.7)
mysql2 NPM version =3.0.0-rc.1, =1.0.0, =0.0.4, =0.0.1, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.4, =0.0.1-alpha.1, =0.1.6-alpha.2, =4.2.3, =4.2.50 and more
Source CVEs: CVE-2024-21512
Source advisory: SNYK:JS-MYSQL2-6861580...
Prototype Pollution
Overview: mysql2 is mostly API-compatible with mysqljs and supports the majority of features. Affected versions of this package are vulnerable to Prototype Pollution due to improper sanitization of user input passed to fields and tables when using nestTables. PoC (js): const mysql = require('mysql2'); const...