[NPM:GHSA-4RCH-2FH8-94VW] MySQL2 for Node Arbitrary Code Injection

Severity Critical
Affected Packages 1
Fixed Packages 1
CVEs 1

Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.

Affected Version: pkg:npm/mysql2 < 3.9.7
Fixed Version: pkg:npm/mysql2 = 3.9.7
ID: NPM:GHSA-4RCH-2FH8-94VW
Severity: critical
URL: https://github.com/advisories/GHSA-4rch-2fh8-94vw
Published: 2024-04-23T06:30:47
Modified: 2024-04-23T20:50:58
Rights: NPM Security Team

| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:npm/mysql2 | | mysql2 | < 3.9.7 | | | |
| Fixed | pkg:npm/mysql2 | | mysql2 | = 3.9.7 | | | |