Approved changes feed: RSS · Atom
cpe:2.3:a:n/a:mysql2:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Mysql2 (cbac3156-1e92-574e-903a-ba5e1f19b715) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-21512 |
vulnerable | 2026-06-08 06:27:35.460315 |
Details available
HIGH (8.2)
Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.
Published: 2024-05-29T05:00:01.515Z
Updated: 2024-08-01T22:20:40.900Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21511 |
vulnerable | 2026-06-08 06:27:35.459904 |
Details available
CRITICAL (9.8)
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.
Published: 2024-04-23T05:00:00.602Z
Updated: 2024-08-01T22:20:40.911Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21509 |
vulnerable | 2026-06-08 06:27:35.458007 |
Details available
MEDIUM (6.5)
Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js.
Published: 2024-04-10T05:00:00.795Z
Updated: 2024-08-22T13:11:18.154Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21508 |
vulnerable | 2026-06-08 06:27:35.457501 |
Details available
CRITICAL (9.8)
Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values.
Published: 2024-04-11T05:00:00.748Z
Updated: 2024-08-01T22:20:40.908Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21507 |
vulnerable | 2026-06-08 06:27:35.449481 |
Details available
MEDIUM (6.5)
Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key.
Published: 2024-04-10T05:00:01.727Z
Updated: 2024-09-18T14:46:37.140Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.