sidorares/node-mysql2

sidorares/node-mysql2

sidorares.github.io

Releases186

Frequency3 weeks 4 days

Last Release 9 days ago

Stars4.37K

:zap: fast mysqljs/mysql compatible mysql driver for node.js

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-21512 ↗	May 29, 2024Wednesday, 29 May 2024, 05:16	8.2 HIGH	—
Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.
CVE-2024-21511 ↗	Apr 23, 2024Tuesday, 23 April 2024, 05:15	9.8 CRITICAL	—
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.
CVE-2024-21508 ↗	Apr 11, 2024Thursday, 11 April 2024, 05:15	9.8 CRITICAL	—
Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values.
CVE-2024-21507 ↗	Apr 10, 2024Wednesday, 10 April 2024, 05:15	6.5 MEDIUM	—
Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key.
CVE-2024-21509 ↗	Apr 10, 2024Wednesday, 10 April 2024, 05:15	6.5 MEDIUM	—
Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js.