Vulnerabilities

CVE-2024-21507

by Fred · 10/04/2024

Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key.

More information : https://blog.slonser.info/posts/mysql2-attacker-configuration/

Similar

Tags: Cybersecurity Alert