Weslley Araújo

4 exploits Active since Apr 2024
CVE-2024-21507 WRITEUP MEDIUM WRITEUP
mysql2 < 3.9.3 - Cache Poisoning via KeyFromFields Colon Injection
Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key.
CVSS 6.5
CVE-2024-21508 WRITEUP CRITICAL WRITEUP
mysql2 < 3.9.4 - Remote Code Execution via readCodeFor Function
Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values.
CVSS 9.8
CVE-2024-21509 WRITEUP MEDIUM WRITEUP
sidorares/mysql2 < 3.9.4 - Prototype Pollution via Insecure Results Object Creation
Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js.
CVSS 6.5
CVE-2024-21512 WRITEUP HIGH WRITEUP
mysql2 < 3.9.8 - Prototype Pollution via nestTables Input
Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.
CVSS 8.2