Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key. https://blog.slonser.info/posts/mysql2-attacker-configuration/ https://github.com/sidorares/node-mysql2/commit/0d54b0ca6498c823098426038162ef10df02c818 https://github.com/sidorares/node-mysql2/pull/2424 https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591300