mysql2 Remote Code Execution (RCE) via the readCodeFor function #25

@AGiljanovic

Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values.

Fix: Update the packages.

See link
