CVE-2024-21512
published 2024-05-29


Priority: P3 47 · CVSS 3.1: 8.2 (high)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
EPSS: 3.11% (86.2th percentile)
Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.
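The bug class behind this CVE, shown as an added illustration that is not mysql2's own code: a nestTables-style result builder groups each row's columns into `{ table: { column: value } }`. When that is done on a plain object, a table or alias name of `__proto__` that reaches the builder turns `row["__proto__"]` into `Object.prototype`, so the column write lands on every object in the process. The hardened builder uses null-prototype objects, checks own properties only, and refuses reserved names. The field layout, row values and helper names are constructed for this example.

```javascript
// Added example for CVE-2024-21512's bug class; not mysql2's implementation.
// Assumption: a nestTables-style builder receives per-column metadata
// ({ table, name }) and the row's values in the same order.

// Constructed input: one legitimate column plus a column whose table/alias
// name is "__proto__" (the kind of name unsanitized user input could supply).
const FIELDS = [
  { table: 'users', name: 'id' },
  { table: '__proto__', name: 'polluted' },
];
const ROW_VALUES = [42, true];

// Vulnerable shape: plain object, nested by an untrusted key.
// row['__proto__'] resolves to Object.prototype (truthy, so the "create
// bucket" branch is skipped) and the column write pollutes it globally.
function buildRowUnsafe(fields, values) {
  const row = {};
  fields.forEach((f, i) => {
    if (!row[f.table]) row[f.table] = {};
    row[f.table][f.name] = values[i];
  });
  return row;
}

// Hardened shape: null-prototype containers (no inherited __proto__ accessor),
// own-property checks, and an explicit deny list so a literal "__proto__" key
// never reaches downstream code that may merge the row into plain objects.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function buildRowSafe(fields, values) {
  const row = Object.create(null);
  fields.forEach((f, i) => {
    if (FORBIDDEN_KEYS.has(f.table) || FORBIDDEN_KEYS.has(f.name)) {
      throw new Error(`refusing reserved name in result: ${f.table}.${f.name}`);
    }
    if (!Object.prototype.hasOwnProperty.call(row, f.table)) {
      row[f.table] = Object.create(null);
    }
    row[f.table][f.name] = values[i];
  });
  return row;
}

// Runs the vulnerable builder, reports whether an unrelated object now sees
// the injected property, then removes it so the runtime is left clean.
function demoUnsafe() {
  buildRowUnsafe(FIELDS, ROW_VALUES);
  const polluted = ({}).polluted === true;
  delete Object.prototype.polluted;
  return polluted;
}

// Runs the hardened builder on the same input: it must throw and must not
// touch Object.prototype.
function demoSafe() {
  let threw = false;
  try {
    buildRowSafe(FIELDS, ROW_VALUES);
  } catch (e) {
    threw = true;
  }
  return { threw, polluted: ({}).polluted === true };
}

console.log('unsafe builder polluted Object.prototype:', demoUnsafe());
console.log('safe builder:', demoSafe());
console.log('safe builder on benign input:', buildRowSafe([FIELDS[0]], [ROW_VALUES[0]]));
```

The null-prototype container alone already stops the write from reaching `Object.prototype`; the deny list additionally keeps a key literally named `__proto__` out of the returned row, which matters because a later `Object.assign` or spread into a plain object would reintroduce the problem.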

Affected

1 range
Vendor: sidorares · Product: mysql2 · Version range: >= 0 < 3.9.8 · Fixed in: 3.9.8

Detection & IOCs (extracted from sources)

  • Vulnerability is triggered via improper user input sanitization passed to `fields` and `tables` parameters when using the `nestTables` option in mysql2
  • Affected package is `mysql2` Node.js library; versions before 3.9.8 are vulnerable to Prototype Pollution — detect use of vulnerable versions in dependency manifests (package.json, package-lock.json)
  • Red Hat Developer Hub packages (rhdh-operator-container and rhdh/rhdh-hub-rhel9) are explicitly marked as NOT affected by this CVE
  • No mitigation is currently available that meets Red Hat Product Security criteria; patching to mysql2 >= 3.9.8 is the primary remediation path
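A manifest check for the detection point above, as an added example that is not part of the advisory or of mysql2: it walks a package-lock.json (lockfile v2/v3 `packages` map, with a v1 `dependencies` fallback), finds every installed copy of mysql2 including nested ones, and flags those below the fixed version 3.9.8. The lockfile content and the package names in it are constructed for the example.

```javascript
// Added detection helper for CVE-2024-21512; not project code.
// Finds all mysql2 installs in a package-lock.json and compares each
// against the fixed version from the advisory.

const PACKAGE = 'mysql2';
const FIXED_VERSION = '3.9.8';

// Constructed sample lock: a direct vulnerable install and a nested copy
// under a hypothetical ORM that already carries the fixed version.
const SAMPLE_LOCK = JSON.stringify({
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', dependencies: { mysql2: '^3.9.0' } },
    'node_modules/mysql2': { version: '3.9.7' },
    'node_modules/some-orm': { version: '1.0.0' },
    'node_modules/some-orm/node_modules/mysql2': { version: '3.9.8' },
  },
});

// Numeric dotted-version compare; prerelease and build suffixes are dropped,
// which is acceptable here because the advisory's boundary is a plain release.
function compareVersions(a, b) {
  const pa = a.split(/[-+]/)[0].split('.').map(Number);
  const pb = b.split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

function isVulnerable(version) {
  return compareVersions(version, FIXED_VERSION) < 0;
}

// Returns [{ path, version, vulnerable }] for every copy of mysql2 in the lock.
function findMysql2(lockJson) {
  const lock = JSON.parse(lockJson);
  const found = [];
  if (lock.packages) {
    // lockfile v2/v3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === `node_modules/${PACKAGE}` || path.endsWith(`/node_modules/${PACKAGE}`)) {
        found.push({ path, version: meta.version, vulnerable: isVulnerable(meta.version) });
      }
    }
  } else if (lock.dependencies) {
    // lockfile v1: nested dependency tree
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps)) {
        const path = `${prefix}node_modules/${name}`;
        if (name === PACKAGE) {
          found.push({ path, version: meta.version, vulnerable: isVulnerable(meta.version) });
        }
        if (meta.dependencies) walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, '');
  }
  return found;
}

function vulnerableInstalls(lockJson) {
  return findMysql2(lockJson).filter((f) => f.vulnerable);
}

console.log(vulnerableInstalls(SAMPLE_LOCK));
```

Scanning the lockfile rather than package.json matters because a `^3.9.0` range in package.json says nothing about which version is actually installed, and nested copies under other dependencies are only visible in the lock.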

CVSS provenance

NVD (v3.1): 8.2 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Red Hat (vendor): 8.2 HIGH