CVE-2024-21507: mysql2 cache poisoning vulnerability
(updated )
Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon : character within a value of the attacker-crafted key.
References
- blog.slonser.info/posts/mysql2-attacker-configuration
- github.com/advisories/GHSA-mqr2-w7wj-jjgr
- github.com/sidorares/node-mysql2
- github.com/sidorares/node-mysql2/commit/0d54b0ca6498c823098426038162ef10df02c818
- github.com/sidorares/node-mysql2/pull/2424
- nvd.nist.gov/vuln/detail/CVE-2024-21507
- security.snyk.io/vuln/SNYK-JS-MYSQL2-6591300
Code Behaviors & Features
Detect and mitigate CVE-2024-21507 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →