CVE-2024-21512

Summary

Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.

Affected Software

VendorProductVersion RangeStatus
n/amysql20 < 3.9.8affected
n/aorg.webjars.npm:mysql20 < *affected

Weaknesses

  • CWE-1321: Prototype Pollution

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References