CVE-2024-21512
HIGH 8.2 | EPSS 68.3%
mysql2 vulnerable to Prototype Pollution
Published: 5/30/2024
Modified: 2/4/2026
Description
Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper sanitization of user input passed to fields and tables when using nestTables.
Affected packages (1)
- npm/mysql2: from 0, < 3.9.8
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L |
References (7)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-21512
- PATCH: https://github.com/sidorares/node-mysql2
- WEB: https://gist.github.com/domdomi3/e9f0f9b9b1ed6bfbbc0bea87c5ca1e4a
- WEB: https://github.com/sidorares/node-mysql2/commit/efe3db527a2c94a63c2d14045baba8dfefe922bc
- WEB: https://github.com/sidorares/node-mysql2/pull/2702
- WEB: https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-7176010
- WEB: https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6861580