mysql2@3.9.4 vulnerabilities

fast mysql driver. Implements core protocol, prepared statements, ssl and compression in native JS

latest version

3.9.7
latest non vulnerable version

3.9.7
first published

11 years ago
latest version published

8 days ago
licenses detected
- MIT
  >=0
View mysql2 package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the mysql2 package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
C Arbitrary Code Injection mysql2 is a mostly API compatible with mysqljs and supports majority of features. Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper sanitization of the `timezone` parameter in the `readCodeFor` function by calling a native MySQL Server date/time function. How to fix Arbitrary Code Injection? Upgrade `mysql2` to version 3.9.7 or higher.	<3.9.7

Arbitrary Code Injection

mysql2 is a mostly API compatible with mysqljs and supports majority of features.

Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.

How to fix Arbitrary Code Injection?

Upgrade mysql2 to version 3.9.7 or higher.

<3.9.7

Go back to all versions of this package

mysql2@3.9.4 vulnerabilities

fast mysql driver. Implements core protocol, prepared statements, ssl and compression in native JS

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities