cbcvebase.

Sidorares Mysql2 vulnerabilities

5 known vulnerabilities affecting sidorares/mysql2.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2024-21508P2CRITICAL≥ 0, < 3.9.42024-04-11
CVE-2024-21508 [CRITICAL] CWE-94 mysql2 Remote Code Execution (RCE) via the readCodeFor function mysql2 Remote Code Execution (RCE) via the readCodeFor function Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the `readCodeFor` function due to improper validation of the `supportBigNumbers` and `bigNumberStrings` values.
ghsaosv
CVE-2024-21511P3CRITICAL≥ 0, < 3.9.72024-04-23
CVE-2024-21511 [CRITICAL] CWE-94 MySQL2 for Node Arbitrary Code Injection MySQL2 for Node Arbitrary Code Injection Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.
ghsaosv
CVE-2024-21512P3HIGH≥ 0, < 3.9.82024-05-30
CVE-2024-21512 [HIGH] CWE-1321 mysql2 vulnerable to Prototype Pollution mysql2 vulnerable to Prototype Pollution Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.
ghsaosv
CVE-2024-21509P4MEDIUMCVSS 6.5fixed in 3.9.42024-04-10
CVE-2024-21509 [MEDIUM] CWE-1321 CVE-2024-21509: Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure re Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js.
ghsanvdosv
CVE-2024-21507P4MEDIUMCVSS 5.3fixed in 3.9.32024-04-10
CVE-2024-21507 [MEDIUM] CWE-20 CVE-2024-21507: Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key.
ghsanvdosv
Sidorares Mysql2 vulnerabilities | cvebase