CVE-2024-21508

Summary

Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values.

Affected Software

VendorProductVersion RangeStatus
n/amysql20 < 3.9.4affected

Weaknesses

  • CWE-94: Remote Code Execution (RCE)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References