Description
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2024-1092 | Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function. |
Github GHSA |
GHSA-4rch-2fh8-94vw | MySQL2 for Node Arbitrary Code Injection |
References
History
Tue, 15 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: snyk
Published:
Updated: 2024-08-01T22:20:40.911Z
Reserved: 2023-12-22T12:33:20.120Z
Link: CVE-2024-21511
Updated: 2024-08-01T22:20:40.911Z
Status : Deferred
Published: 2024-04-23T05:15:48.963
Modified: 2026-06-17T07:09:38.807
Link: CVE-2024-21511
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-94
Improper Control of Generation of Code ('Code Injection')
EUVD
Github GHSA