Versions of mysql before 2.14.0 are vulnerable to remove memory exposure.
Affected versions of mysql package allocate and send an uninitialized memory over the network when a number is provided as a password.
Only mysql running on Node.js versions below 6.0.0 is affected due to a throw added in newer node.js versions.
Created nodejs-mysql tracking bugs for this issue:
Affects: epel-all [bug 1578236]
Affects: fedora-all [bug 1578235]