CVE-2024-21511

Published April 23rd, 2024

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

N/A

Affected

PROJECT

Description

Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.

sidorares/node-mysql2

:zap: fast mysqljs/mysql compatible mysql driver for node.js

GitHub

4.37K