CVE-2024-21507

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-21507

Severity

5.3

Medium

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Description

Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-21507
https://github.com/advisories/GHSA-mqr2-w7wj-jjgr
https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591300
https://blog.slonser.info/posts/mysql2-attacker-configuration/
https://github.com/sidorares/node-mysql2/pull/2424
https://github.com/sidorares/node-mysql2/commit/0d54b0ca6498c823098426038162ef10df02c818

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2024-21507

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company