Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package mysql2, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2024-21508 — CVSS 9.8 (critical): Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper…
CVE-2024-21511 — CVSS 9.8 (critical): Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone…
CVE-2024-21512 — CVSS 8.2 (high): Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields…
CVE-2024-21507 — CVSS 6.5 (medium): Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in…
CVE-2024-21509 — CVSS 6.5 (medium): Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user…