14 matches found

OSV
added 2024/04/23 6:30 a.m. · 2 views

GHSA-4RCH-2FH8-94VW MySQL2 for Node Arbitrary Code Injection

Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...

CVSS 9.8 · AI score 6 · EPSS 0.00172
Exploits: 0 · References: 6

NVD
added 2024/04/23 5:15 a.m. · 11 views

CVE-2024-21511

Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...

CVSS 9.8 · AI score 9.6 · EPSS 0.00172
Exploits: 0 · References: 4

Vulnrichment
added 2024/04/23 5:0 a.m. · 11 views

CVE-2024-21511

Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...

CVSS 9.8 · AI score 9.6 · EPSS 0.00172
Exploits: 0 · References: 4

Cvelist
added 2024/04/23 5:0 a.m. · 13 views

CVE-2024-21511

Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...

CVSS 9.8 · AI score 9.8 · EPSS 0.00172
Exploits: 0 · References: 4

CNNVD
added 2024/04/23 12:0 a.m. · 2 views

mysql2 security vulnerability

MySQL2 is a MySQL client for Node.js by Andrey Sidorov, an individual developer. A security vulnerability exists in mysql2 versions prior to 3.9.7, which originates from arbitrary code injection via improper sanitization of the timezone parameter in the readCodeFor function by calling the native...

CVSS 9.8 · AI score 7.6 · EPSS 0.00172
Exploits: 0 · References: 5

Positive Technologies
added 2024/04/23 12:0 a.m. · 2 views

PT-2024-6583 · Mysql2 · Mysql2

Name of the Vulnerable Software and Affected Versions: mysql2 versions prior to 3.9.7. Description: The issue is related to improper sanitization of the timezone parameter in the readCodeFor function, which can lead to Arbitrary Code Injection when calling a native MySQL Server date/time function...

CVSS 9.8 · AI score 7.8 · EPSS 0.00172
Exploits: 0 · References: 10

Snyk
added 2024/04/21 11:12 a.m. · 1 view

Arbitrary Code Injection

Overview: mysql2 is mostly API compatible with mysqljs and supports the majority of features. Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time...

CVSS 9.8 · AI score 7.1 · EPSS 0.00172
Exploits: 0 · References: 2

Veracode
added 2024/04/15 3:50 a.m. · 32 views

Remote Code Execution (RCE)

mysql2 is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation of supportBigNumbers and bigNumberStrings values within the readCodeFor function, which allows an attacker to execute arbitrary code...

CVSS 9.8 · AI score 8 · EPSS 0.46188
Exploits: 0 · References: 5 · Affected Software: 1

GitHub Security Blog
added 2024/04/11 6:30 a.m. · 31 views

mysql2 Remote Code Execution (RCE) via the readCodeFor function

Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values...

CVSS 9.8 · AI score 7.8 · EPSS 0.46188
Exploits: 0 · References: 8 · Affected Software: 1

OSV
added 2024/04/11 6:30 a.m. · 0 views

GHSA-FPW7-J2HG-69V5 mysql2 Remote Code Execution (RCE) via the readCodeFor function

Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values...

CVSS 9.8 · AI score 6 · EPSS 0.46188
Exploits: 0 · References: 8

CVE
added 2024/04/11 5:0 a.m. · 324 views

CVE-2024-21508

CVE-2024-21508 affects the mysql2 npm package prior to version 3.9.4. The vulnerability is a Remote Code Execution (RCE) flaw in the readCodeFor function caused by improper validation of supportBigNumbers and bigNumberStrings. Affected software is the mysql2 library (Node.js), with public details...

CVSS 9.8 · AI score 9.7 · EPSS 0.46188
Exploits: 0 · References: 6

Vulnrichment
added 2024/04/11 5:0 a.m. · 15 views

CVE-2024-21508

Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values...

CVSS 9.8 · AI score 7.4 · EPSS 0.46188
Exploits: 0 · References: 6

CNNVD
added 2024/04/11 12:0 a.m. · 1 view

mysql2 security vulnerability

MySQL2 is a MySQL client for Node.js by the individual developer Andrey Sidorov. A security vulnerability exists in versions of mysql2 prior to 3.9.4, which stems from vulnerability to Remote Code Execution (RCE) attacks via the readCodeFor function...

CVSS 9.8 · AI score 9.2 · EPSS 0.46188
Exploits: 0 · References: 8

Snyk
added 2024/04/07 4:57 p.m. · 1 view

Remote Code Execution (RCE)

Overview: mysql2 is mostly API compatible with mysqljs and supports the majority of features. Affected versions of this package are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values. PoC js sql:SELECT...

CVSS 9.8 · AI score 7.4 · EPSS 0.46188
Exploits: 0 · References: 2