CVE-2024-21512

CVSS V2 None CVSS V3 None

Description

Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.

Overview

CVE ID
CVE-2024-21512

Assigner
snyk

Vulnerability Status
PUBLISHED

Published Version
2024-05-29T05:00:01.515Z

Last Modified Date
2024-06-15T15:25:04.084Z

Weakness Enumerations

CWE	URL
CWE-1321	http://cwe.mitre.org/data/definitions/1321.html

References

Reference URL	Reference Tags
https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6861580
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-7176010
https://gist.github.com/domdomi3/e9f0f9b9b1ed6bfbbc0bea87c5ca1e4a
https://github.com/sidorares/node-mysql2/pull/2702
https://github.com/sidorares/node-mysql2/commit/efe3db527a2c94a63c2d14045baba8dfefe922bc

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-21512
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21512

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 15:04:00				Added to TrackCVE