Weslley Araújo

4 exploits Active since Apr 2024
CVE-2024-21507 WRITEUP MEDIUM WRITEUP
Sidorares Mysql2 < 3.9.3 - Improper Input Validation
Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key.
CVSS 6.5
CVE-2024-21508 WRITEUP CRITICAL WRITEUP
NPM Mysql2 < 3.9.4 - Code Injection
Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values.
CVSS 9.8
CVE-2024-21509 WRITEUP MEDIUM WRITEUP
Sidorares Mysql2 < 3.9.4 - Prototype Pollution
Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js.
CVSS 6.5
CVE-2024-21512 WRITEUP HIGH WRITEUP
NPM Mysql2 < 3.9.8 - Prototype Pollution
Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.
CVSS 8.2