CVE-2024-21512

May 29, 2024, 1:02 p.m.

8.2
High

Description

Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.

Product(s) Impacted

Product Versions
mysql2
  • ['before 3.9.8']

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://gist.github.com/domdomi3/e9f0f9b9b1ed6bfbbc0bea87c5ca1e4a
https://github.com/sidorares/node-mysql2/commit/efe3db527a2c94a63c2d14045baba8dfefe922bc
https://github.com/sidorares/node-mysql2/pull/2702
https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6861580

Tags

CWE-1321
2024-05-29
CVE-2024-21512
report@snyk.io

CVSS Score

8.2 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: HIGH
  • Availability Impact: LOW

    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

    View Vector String

Timeline

Published: May 29, 2024, 5:16 a.m.
Last Modified: May 29, 2024, 1:02 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

report@snyk.io

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.