Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
mysql2 安全漏洞
Vulnerability Description
MySQL2是Andrey Sidorov个人开发者的一个 Node.js 的 MySQL 客户端。 mysql2 2 3.9.7 之前版本存在安全漏洞,该漏洞源于通过调用本机 MySQL 服务器 date/time 函数对 readCodeFor 函数中的 timezone 参数进行了不正确的清理,导致任意代码注入。
CVSS Information
N/A
Vulnerability Type
N/A