First published: Tue Apr 23 2024(Updated: )
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.
Credit: report@snyk.io report@snyk.io
Affected Software | Affected Version | How to fix |
---|---|---|
npm/mysql2 | <3.9.7 | 3.9.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.