VDB
CVE-2024-21512
CVE-2024-21512
PUBLISHED
CVSS 8.199999809265137 HIGH
Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.
EPSS 68.34% · 98.6th percentile
Risk Scores
CVSS v3.1
8.199999809265137
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L/E:P
EPSS Score
68.34%
98.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| npm | mysql2 | 0 |
| n/a | mysql2 | 0 |
| mysql2 | mysql2 | 0 |
| n/a | org.webjars.npm:mysql2 | 0 |
Timeline
- May 29, 2024 EPSS Score
- May 29, 2024 CVE Published
- Jun 22, 2024 EPSS Score
- Aug 1, 2024 CVE Updated
- Aug 8, 2024 EPSS Score
- Sep 1, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 17, 2024 EPSS Score
- Nov 10, 2024 EPSS Score
- Dec 27, 2024 EPSS Score
- Jan 20, 2025 EPSS Score
- Mar 8, 2025 EPSS Score
References
- https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6861580 url
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-7176010 url
- https://gist.github.com/domdomi3/e9f0f9b9b1ed6bfbbc0bea87c5ca1e4a url
- https://github.com/sidorares/node-mysql2/pull/2702 url
- https://github.com/sidorares/node-mysql2/commit/efe3db527a2c94a63c2d14045baba8dfefe922bc url
- https://nvd.nist.gov/vuln/detail/CVE-2024-21512 advisory
- https://github.com/sidorares/node-mysql2 package