CVE-2024-21512

High

Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields…

snyk·CWE-1321·Published 2024-05-29

CVSS

8.2

EPSS

0.03

KEV

Exploits

cve.orgen

172 chars

Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.

NVDen

172 chars

Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.

GHSAen

172 chars

Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.

NVDes

225 chars

Las versiones del paquete mysql2 anteriores a la 3.9.8 son vulnerables a la contaminación de prototipos debido a una sanitización inadecuada de las entradas del usuario pasadas a campos y tablas cuando se utilizan nestTables.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	8.2	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L/E:P
3.1	Primary	cve.org	8.2	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L/E:P
3.1	Secondary	NVD	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
3.1	Secondary	GHSA	8.2	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L