mysql@2.0.0-alpha vulnerabilities

A node.js driver for mysql. It is written in JavaScript, does not require compiling, and is 100% MIT licensed.

  • latest version

    2.18.1

  • latest non vulnerable version

  • first published

    13 years ago

  • latest version published

    4 years ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the mysql package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • L
    Uninitialized Memory Exposure

    mysql is a node.js driver for mysql.

    Affected versions of the package are vulnerable due to the unsafe use of the Buffer() method. Uninitialized memory may be exposed when a value of type number is provided to various methods in mysql which require allocation of buffers and results in concatenation of uninitialized memory to the buffer collection.

    This vulnerability is unlikely to be exploited, but may be possible if a server-side mysql accepts typed input for passwords from the client even though the user doesn’t control the server-side code (i.e through JSON format).

    How to fix Uninitialized Memory Exposure?

    Upgrade mysql to version 2.14.0 or higher. Note This is vulnerable only for Node <=4

    <2.14.0
    • H
    SQL Injection

    mysql is a node.js driver for mysql. Affected versions of this package do not properly escape column identifiers with mysql.escape() and can result in SQL injection vulnerability.

    How to fix SQL Injection?

    Upgrade mysql to version >=v2.0.0-alpha8 or higher.

    >=2.0.0-alpha <2.0.0-alpha8