mysql@2.0.0-alpha4 vulnerabilities

A node.js driver for mysql. It is written in JavaScript, does not require compiling, and is 100% MIT licensed.

latest version

2.18.1
latest non vulnerable version

2.18.1
first published

14 years ago
latest version published

5 years ago
licenses detected
- MIT
  >=0
View mysql package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the mysql package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
L Uninitialized Memory Exposure `mysql` is a node.js driver for mysql. Affected versions of the package are vulnerable due to the unsafe use of the `Buffer()` method. Uninitialized memory may be exposed when a value of type `number` is provided to various methods in `mysql` which require allocation of buffers and results in concatenation of uninitialized memory to the buffer collection. This vulnerability is unlikely to be exploited, but may be possible if a server-side `mysql` accepts typed input for passwords from the client even though the user doesn’t control the server-side code (i.e through JSON format). How to fix Uninitialized Memory Exposure? Upgrade `mysql` to version 2.14.0 or higher. Note This is vulnerable only for Node <=4	<2.14.0
H SQL Injection `mysql` is a node.js driver for mysql. Affected versions of this package do not properly escape column identifiers with `mysql.escape()` and can result in SQL injection vulnerability. How to fix SQL Injection? Upgrade `mysql` to version >=v2.0.0-alpha8 or higher.	>=2.0.0-alpha <2.0.0-alpha8

Uninitialized Memory Exposure

mysql is a node.js driver for mysql.

Affected versions of the package are vulnerable due to the unsafe use of the Buffer() method. Uninitialized memory may be exposed when a value of type number is provided to various methods in mysql which require allocation of buffers and results in concatenation of uninitialized memory to the buffer collection.

This vulnerability is unlikely to be exploited, but may be possible if a server-side mysql accepts typed input for passwords from the client even though the user doesn’t control the server-side code (i.e through JSON format).

How to fix Uninitialized Memory Exposure?

Upgrade mysql to version 2.14.0 or higher. Note This is vulnerable only for Node <=4

<2.14.0

SQL Injection

mysql is a node.js driver for mysql. Affected versions of this package do not properly escape column identifiers with mysql.escape() and can result in SQL injection vulnerability.

How to fix SQL Injection?

Upgrade mysql to version >=v2.0.0-alpha8 or higher.

>=2.0.0-alpha <2.0.0-alpha8

Go back to all versions of this package

mysql@2.0.0-alpha4 vulnerabilities

A node.js driver for mysql. It is written in JavaScript, does not require compiling, and is 100% MIT licensed.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities