CVE-2024-21512

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-21512

Severity

8.2

High

CVSS CVSS_V3

Description

Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.

References

https://images.chainguard.dev/security/CGA-3mh2-3mv5-jfp3
https://github.com/advisories/GHSA-pmh2-wpjm-fj45
https://github.com/sidorares/node-mysql2/commit/efe3db527a2c94a63c2d14045baba8dfefe922bc
https://gist.github.com/domdomi3/e9f0f9b9b1ed6bfbbc0bea87c5ca1e4a
https://github.com/sidorares/node-mysql2/pull/2702
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-7176010
https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6861580

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

CVE-2024-21512

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources