Description

Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key.

INFO

Published Date :

2024-04-10T05:00:01.727Z

Last Modified :

2024-09-18T14:46:37.140Z

Source :

snyk
AFFECTED PRODUCTS

The following products are affected by CVE-2024-21507 vulnerability.

Vendors Products
Mysqljs
  • Mysql2
Sidorares
  • Mysql2

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact