mysql2@2.0.0-alpha1 vulnerabilities

fast mysql driver. Implements core protocol, prepared statements, ssl and compression in native JS

latest version

3.11.4
latest non vulnerable version

3.11.5-canary.d5a76e6c
first published

12 years ago
latest version published

19 days ago
licenses detected
- MIT
  >=0
View mysql2 package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the mysql2 package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Prototype Pollution mysql2 is a mostly API compatible with mysqljs and supports majority of features. Affected versions of this package are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using `nestTables`. How to fix Prototype Pollution? Upgrade `mysql2` to version 3.9.8 or higher.	<3.9.8
C Arbitrary Code Injection mysql2 is a mostly API compatible with mysqljs and supports majority of features. Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper sanitization of the `timezone` parameter in the `readCodeFor` function by calling a native MySQL Server date/time function. How to fix Arbitrary Code Injection? Upgrade `mysql2` to version 3.9.7 or higher.	<3.9.7
C Remote Code Execution (RCE) mysql2 is a mostly API compatible with mysqljs and supports majority of features. Affected versions of this package are vulnerable to Remote Code Execution (RCE) via the `readCodeFor` function due to improper validation of the `supportBigNumbers` and `bigNumberStrings` values. How to fix Remote Code Execution (RCE)? Upgrade `mysql2` to version 3.9.4 or higher.	<3.9.4
M Prototype Poisoning mysql2 is a mostly API compatible with mysqljs and supports majority of features. Affected versions of this package are vulnerable to Prototype Poisoning due to insecure `results` object creation and improper user input sanitization passed through `parserFn` in `text_parser.js` and `binary_parser.js`. How to fix Prototype Poisoning? Upgrade `mysql2` to version 3.9.4 or higher.	<3.9.4
M Use of Web Browser Cache Containing Sensitive Information mysql2 is a mostly API compatible with mysqljs and supports majority of features. Affected versions of this package are vulnerable to Use of Web Browser Cache Containing Sensitive Information through the `keyFromFields` function, resulting in cache poisoning. An attacker can inject a colon (`:`) character within a value of the attacker-crafted key. How to fix Use of Web Browser Cache Containing Sensitive Information? Upgrade `mysql2` to version 3.9.3 or higher.	<3.9.3

Go back to all versions of this package

mysql2@2.0.0-alpha1 vulnerabilities

fast mysql driver. Implements core protocol, prepared statements, ssl and compression in native JS

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities