Fedora Account System
Red Hat Associate
Red Hat Customer
Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js. https://blog.slonser.info/posts/mysql2-attacker-configuration/ https://github.com/sidorares/node-mysql2/blob/fd3d117da82cc5c5fa5a3701d7b33ca77691bc61/lib/parsers/text_parser.js%23L134 https://github.com/sidorares/node-mysql2/commit/4a964a3910a4b8de008696c554ab1b492e9b4691 https://github.com/sidorares/node-mysql2/pull/2574 https://github.com/sidorares/node-mysql2/releases/tag/v3.9.4 https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591084