CVE-2024-21507

Published April 10th, 2024

View on NVD ↗

CVSS v3

6.5

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key.

sidorares/node-mysql2

:zap: fast mysqljs/mysql compatible mysql driver for node.js

GitHub

4.37K