org.webjars.npm:mysql@2.10.2 vulnerabilities

  • latest version

    2.18.1

  • latest non vulnerable version

  • first published

    8 years ago

  • latest version published

    4 years ago

  • licenses detected

  • package manager

Direct Vulnerabilities

Known vulnerabilities in the org.webjars.npm:mysql package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • L
Uninitialized Memory Exposure

mysql is a node.js driver for mysql.

Affected versions of the package are vulnerable due to the unsafe use of the Buffer() method. Uninitialized memory may be exposed when a value of type number is provided to various methods in mysql which require allocation of buffers and results in concatenation of uninitialized memory to the buffer collection.

This vulnerability is unlikely to be exploited, but may be possible if a server-side mysql accepts typed input for passwords from the client even though the user doesn’t control the server-side code (i.e through JSON format).

How to fix Uninitialized Memory Exposure?

Upgrade mysql to version 2.14.0 or higher. Note This is vulnerable only for Node <=4

[,2.14.0)