mysql2 (npm)
5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting mysql2
- CVE-2024-21507 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 3.9.3 | 2024-04-10
Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted k…
- CVE-2024-21508 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 3.9.4 | 2024-04-11
Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values.
- CVE-2024-21509 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 3.9.4 | 2024-04-10
Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js.
- CVE-2024-21511 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 3.9.7 | 2024-04-23
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.
- CVE-2024-21512 | HIGH | CVSS 8.2 | EG 8.2 | ✓ Fixed in 3.9.8 | 2024-05-29
Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.