10 matches found
GHSA-4RCH-2FH8-94VW MySQL2 for Node Arbitrary Code Injection
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...
CVE-2024-21511
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...
CVE-2024-21511
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...
CVE-2024-21511
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...
mysql2 Security Vulnerability
MySQL2 is a MySQL client for Node.js by individual developer Andrey Sidorov. A security vulnerability exists in mysql2 versions prior to 3.9.7, which originates from arbitrary code injection via improper sanitization of the timezone parameter in the readCodeFor function by calling the native...
Arbitrary Code Injection
Overview: mysql2 is mostly API compatible with mysqljs and supports the majority of features. Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time...
Remote Code Execution (RCE)
mysql2 is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation of supportBigNumbers and bigNumberStrings values within the readCodeFor function, which allows an attacker to execute arbitrary code...
CVE-2024-21508
CVE-2024-21508 affects the mysql2 npm package prior to version 3.9.4. The vulnerability is a Remote Code Execution (RCE) flaw in the readCodeFor function caused by improper validation of supportBigNumbers and bigNumberStrings. Affected software is the mysql2 library (Node.js), with public details...
mysql2 Security Vulnerability
MySQL2 is a MySQL client for Node.js by the individual developer Andrey Sidorov. A security vulnerability exists in versions of mysql2 prior to 3.9.4, which stems from vulnerability to Remote Code Execution (RCE) attacks via the readCodeFor function...
Remote Code Execution (RCE)
Overview: mysql2 is mostly API compatible with mysqljs and supports the majority of features. Affected versions of this package are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values. PoC js sql:SELECT...