{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21512", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "state": "PUBLISHED", "assignerShortName": "snyk", "dateReserved": "2023-12-22T12:33:20.120Z", "datePublished": "2024-05-29T05:00:01.515Z", "dateUpdated": "2024-08-01T22:20:40.900Z"}, "containers": {"cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L/E:P"}}], "credits": [{"value": "Donggyu Kim", "lang": "en"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1321", "description": "Prototype Pollution", "lang": "en"}]}], "providerMetadata": {"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2024-06-15T15:25:04.084Z"}, "descriptions": [{"value": "Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.", "lang": "en"}], "references": [{"url": "https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6861580"}, {"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-7176010"}, {"url": "https://gist.github.com/domdomi3/e9f0f9b9b1ed6bfbbc0bea87c5ca1e4a"}, {"url": "https://github.com/sidorares/node-mysql2/pull/2702"}, {"url": "https://github.com/sidorares/node-mysql2/commit/efe3db527a2c94a63c2d14045baba8dfefe922bc"}], "affected": [{"product": "mysql2", "versions": [{"version": "0", "lessThan": "3.9.8", "status": "affected", "versionType": "semver"}], "vendor": "n/a"}, {"product": "org.webjars.npm:mysql2", "versions": [{"version": "0", "lessThan": "*", "status": "affected", "versionType": "semver"}], "vendor": "n/a"}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21512", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-29T14:07:58.190595Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:mysql2:mysql2:-:*:*:*:*:*:*:*"], "vendor": "mysql2", "product": "mysql2", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.8", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:37:33.933Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:20:40.900Z"}, "title": "CVE Program Container", "references": [{"url": "https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6861580", "tags": ["x_transferred"]}, {"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-7176010", "tags": ["x_transferred"]}, {"url": "https://gist.github.com/domdomi3/e9f0f9b9b1ed6bfbbc0bea87c5ca1e4a", "tags": ["x_transferred"]}, {"url": "https://github.com/sidorares/node-mysql2/pull/2702", "tags": ["x_transferred"]}, {"url": "https://github.com/sidorares/node-mysql2/commit/efe3db527a2c94a63c2d14045baba8dfefe922bc", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6861580", "tags": ["x_transferred"]}, {"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-7176010", "tags": ["x_transferred"]}, {"url": "https://gist.github.com/domdomi3/e9f0f9b9b1ed6bfbbc0bea87c5ca1e4a", "tags": ["x_transferred"]}, {"url": "https://github.com/sidorares/node-mysql2/pull/2702", "tags": ["x_transferred"]}, {"url": "https://github.com/sidorares/node-mysql2/commit/efe3db527a2c94a63c2d14045baba8dfefe922bc", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:20:40.900Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21512", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-29T14:07:58.190595Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:mysql2:mysql2:-:*:*:*:*:*:*:*"], "vendor": "mysql2", "product": "mysql2", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.8", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-29T14:10:08.927Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"credits": [{"lang": "en", "value": "Donggyu Kim"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L/E:P", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "n/a", "product": "mysql2", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.8", "versionType": "semver"}]}, {"vendor": "n/a", "product": "org.webjars.npm:mysql2", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "semver"}]}], "references": [{"url": "https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6861580"}, {"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-7176010"}, {"url": "https://gist.github.com/domdomi3/e9f0f9b9b1ed6bfbbc0bea87c5ca1e4a"}, {"url": "https://github.com/sidorares/node-mysql2/pull/2702"}, {"url": "https://github.com/sidorares/node-mysql2/commit/efe3db527a2c94a63c2d14045baba8dfefe922bc"}], "descriptions": [{"lang": "en", "value": "Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables."}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1321", "description": "Prototype Pollution"}]}], "providerMetadata": {"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2024-06-15T15:25:04.084Z"}}}, "cveMetadata": {"cveId": "CVE-2024-21512", "state": "PUBLISHED", "dateUpdated": "2024-08-01T22:20:40.900Z", "dateReserved": "2023-12-22T12:33:20.120Z", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "datePublished": "2024-05-29T05:00:01.515Z", "assignerShortName": "snyk"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables."}, {"lang": "es", "value": "Las versiones del paquete mysql2 anteriores a la 3.9.8 son vulnerables a la contaminaci\u00f3n de prototipos debido a una sanitizaci\u00f3n inadecuada de las entradas del usuario pasadas a campos y tablas cuando se utilizan nestTables."}], "id": "CVE-2024-21512", "lastModified": "2024-06-06T13:15:31.390", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2024-05-29T05:16:08.353", "references": [{"source": "report@snyk.io", "url": "https://gist.github.com/domdomi3/e9f0f9b9b1ed6bfbbc0bea87c5ca1e4a"}, {"source": "report@snyk.io", "url": "https://github.com/sidorares/node-mysql2/commit/efe3db527a2c94a63c2d14045baba8dfefe922bc"}, {"source": "report@snyk.io", "url": "https://github.com/sidorares/node-mysql2/pull/2702"}, {"source": "report@snyk.io", "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-7176010"}, {"source": "report@snyk.io", "url": "https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6861580"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1321"}], "source": "report@snyk.io", "type": "Secondary"}]}

{"bugzilla": {"description": "mysql2: vulnerable to Prototype Pollution due to improper user input sanitization", "id": "2283737", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2283737"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.2", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "status": "draft"}, "cwe": "CWE-1321", "details": ["Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.", "A flaw was found in MySQL2. This issue is due to prototype pollution caused by improper user input sanitization passed to fields and tables when using nestTables."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-21512", "package_state": [{"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Not affected", "package_name": "rhdh-hub-container", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Not affected", "package_name": "rhdh-operator-container", "product_name": "Red Hat Developer Hub"}], "public_date": "2024-05-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-21512\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-21512\nhttps://gist.github.com/domdomi3/e9f0f9b9b1ed6bfbbc0bea87c5ca1e4a\nhttps://github.com/sidorares/node-mysql2/commit/efe3db527a2c94a63c2d14045baba8dfefe922bc\nhttps://github.com/sidorares/node-mysql2/pull/2702\nhttps://security.snyk.io/vuln/SNYK-JS-MYSQL2-6861580"], "threat_severity": "Important", "upstream_fix": "MySQL2 3.9.8"}