17 matches found
EUVD-2024-1089
Malicious code in bioql PyPI...
EUVD-2024-1092
Malicious code in bioql PyPI...
EUVD-2024-1251
Malicious code in bioql PyPI...
0data (=1.0.0), 1.1.1-version (=1.0.0) +8603 more potentially affected by CVE-2024-21511 via mysql2 (>=0.11.8 <=3.9.6)
mysql2 NPM version =0.11.8, =0.0.27, =1.0.0, =0.0.4, =0.0.1, =0.0.2, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.6 - @142vip/egg-grpc-client =0.0.1-alpha.4 and more Source cves: CVE-2024-21511 Source advisory: OSV:GHSA-4RCH-2FH8-94VW...
mysql2 security vulnerability
MySQL2 is a MySQL client for Node.js by Andrey Sidorov, an individual developer. A security vulnerability exists in mysql2 versions prior to 3.9.7: arbitrary code injection caused by improper sanitization of the timezone parameter in the readCodeFor function by calling the native...
Arbitrary Code Injection
Overview: mysql2 is mostly API compatible with mysqljs and supports the majority of features. Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time...
0data (=1.0.0), 1.1.1-version (=1.0.0) +5425 more potentially affected by CVE-2024-21511 via mysql2 (>=3.0.0-rc.1 <=3.9.6)
mysql2 NPM version =3.0.0-rc.1, =1.0.0, =0.0.4, =0.0.1, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.4, =0.0.1-alpha.1, =0.1.6-alpha.2, =0.0.8, =0.0.165 and more Source cves: CVE-2024-21511 Source advisory: SNYK:JS-MYSQL2-6670046...
0data (=1.0.0), 1.1.1-version (=1.0.0) +8602 more potentially affected by CVE-2024-21508 via mysql2 (>=0.11.8 <=3.9.3)
mysql2 NPM version =0.11.8, =0.0.27, =1.0.0, =0.0.4, =0.0.1, =0.0.2, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.6 - @142vip/egg-grpc-client =0.0.1-alpha.4 and more Source cves: CVE-2024-21508 Source advisory: OSV:GHSA-FPW7-J2HG-69V5...
0data (=1.0.0), 1.1.1-version (=1.0.0) +8602 more potentially affected by CVE-2024-21509 via mysql2 (>=0.11.8 <=3.9.3)
mysql2 NPM version =0.11.8, =0.0.27, =1.0.0, =0.0.4, =0.0.1, =0.0.2, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.6 - @142vip/egg-grpc-client =0.0.1-alpha.4 and more Source cves: CVE-2024-21509 Source advisory: OSV:GHSA-49J4-86M8-Q2JW...
0data (=1.0.0), 1.1.1-version (=1.0.0) +8601 more potentially affected by CVE-2024-21507 via mysql2 (>=0.11.8 <=3.9.2)
mysql2 NPM version =0.11.8, =0.0.27, =1.0.0, =0.0.4, =0.0.1, =0.0.2, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.6 - @142vip/egg-grpc-client =0.0.1-alpha.4 and more Source cves: CVE-2024-21507 Source advisory: OSV:GHSA-MQR2-W7WJ-JJGR...
MySQL2 security vulnerability
MySQL2 is a MySQL client for Node.js by the individual developer Andrey Sidorov. A security vulnerability exists in MySQL2 versions prior to 3.9.4 that stems from improper cleaning of user input...
PT-2024-18922 · Mysql2 · Mysql2
Name of the Vulnerable Software and Affected Versions: mysql2 versions prior to 3.9.3 Description: The issue is related to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon : character within a value of the attacker-crafted...
PT-2024-18923 · Mysql2 · Mysql2
Name of the Vulnerable Software and Affected Versions: mysql2 versions prior to 3.9.4 Description: The issue is related to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text parser.js and binary parser.js...
0data (=1.0.0), 1.1.1-version (=1.0.0) +5418 more potentially affected by CVE-2024-21507 via mysql2 (>=3.0.0-rc.1 <=3.9.2)
mysql2 NPM version =3.0.0-rc.1, =1.0.0, =0.0.4, =0.0.1, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.4, =0.0.1-alpha.1, =0.1.6-alpha.2, =0.0.8, =0.0.165 and more Source cves: CVE-2024-21507 Source advisory: SNYK:JS-MYSQL2-6591300...
Use of Web Browser Cache Containing Sensitive Information
Overview: mysql2 is mostly API compatible with mysqljs and supports the majority of features. Affected versions of this package are vulnerable to Use of Web Browser Cache Containing Sensitive Information through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon...
0data (=1.0.0), 1.1.1-version (=1.0.0) +5422 more potentially affected by CVE-2024-21508 via mysql2 (>=3.0.0-rc.1 <=3.9.3)
mysql2 NPM version =3.0.0-rc.1, =1.0.0, =0.0.4, =0.0.1, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.4, =0.0.1-alpha.1, =0.1.6-alpha.2, =0.0.8, =0.0.165 and more Source cves: CVE-2024-21508 Source advisory: SNYK:JS-MYSQL2-6591085...
Prototype Poisoning
Overview: mysql2 is mostly API compatible with mysqljs and supports the majority of features. Affected versions of this package are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in textparser.js and...