Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/mysql2@1.1.0
Typenpm
Namespace
Namemysql2
Version1.1.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.9.8
Latest_non_vulnerable_version3.9.8
Affected_by_vulnerabilities
0
url VCID-2n2e-7xna-x3c5
vulnerability_id VCID-2n2e-7xna-x3c5
summary Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21509.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21509.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-21509
reference_id
reference_type
scores
0
value 0.00765
scoring_system epss
scoring_elements 0.73972
published_at 2026-06-13T12:55:00Z
1
value 0.00765
scoring_system epss
scoring_elements 0.73883
published_at 2026-06-11T12:55:00Z
2
value 0.00765
scoring_system epss
scoring_elements 0.73957
published_at 2026-06-12T12:55:00Z
3
value 0.00765
scoring_system epss
scoring_elements 0.73971
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-21509
2
reference_url https://blog.slonser.info/posts/mysql2-attacker-configuration
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://blog.slonser.info/posts/mysql2-attacker-configuration
3
reference_url https://github.com/sidorares/node-mysql2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sidorares/node-mysql2
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2274489
reference_id 2274489
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2274489
5
reference_url https://github.com/sidorares/node-mysql2/pull/2574
reference_id 2574
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T13:08:47Z/
url https://github.com/sidorares/node-mysql2/pull/2574
6
reference_url https://github.com/sidorares/node-mysql2/commit/4a964a3910a4b8de008696c554ab1b492e9b4691
reference_id 4a964a3910a4b8de008696c554ab1b492e9b4691
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T13:08:47Z/
url https://github.com/sidorares/node-mysql2/commit/4a964a3910a4b8de008696c554ab1b492e9b4691
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-21509
reference_id CVE-2024-21509
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-21509
8
reference_url https://github.com/advisories/GHSA-49j4-86m8-q2jw
reference_id GHSA-49j4-86m8-q2jw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-49j4-86m8-q2jw
9
reference_url https://blog.slonser.info/posts/mysql2-attacker-configuration/
reference_id mysql2-attacker-configuration
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T13:08:47Z/
url https://blog.slonser.info/posts/mysql2-attacker-configuration/
10
reference_url https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591084
reference_id SNYK-JS-MYSQL2-6591084
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T13:08:47Z/
url https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591084
11
reference_url https://github.com/sidorares/node-mysql2/blob/fd3d117da82cc5c5fa5a3701d7b33ca77691bc61/lib/parsers/text_parser.js%23L134
reference_id text_parser.js%23L134
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T13:08:47Z/
url https://github.com/sidorares/node-mysql2/blob/fd3d117da82cc5c5fa5a3701d7b33ca77691bc61/lib/parsers/text_parser.js%23L134
12
reference_url https://github.com/sidorares/node-mysql2/releases/tag/v3.9.4
reference_id v3.9.4
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T13:08:47Z/
url https://github.com/sidorares/node-mysql2/releases/tag/v3.9.4
fixed_packages
0
url pkg:npm/mysql2@3.9.4
purl pkg:npm/mysql2@3.9.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nfyp-7vxe-mkgd
1
vulnerability VCID-sgrh-4nnj-vqcj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/mysql2@3.9.4
aliases CVE-2024-21509, GHSA-49j4-86m8-q2jw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2n2e-7xna-x3c5
1
url VCID-nfyp-7vxe-mkgd
vulnerability_id VCID-nfyp-7vxe-mkgd
summary Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21511.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21511.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-21511
reference_id
reference_type
scores
0
value 0.00172
scoring_system epss
scoring_elements 0.38372
published_at 2026-06-11T12:55:00Z
1
value 0.00172
scoring_system epss
scoring_elements 0.38568
published_at 2026-06-13T12:55:00Z
2
value 0.00172
scoring_system epss
scoring_elements 0.38557
published_at 2026-06-14T12:55:00Z
3
value 0.00172
scoring_system epss
scoring_elements 0.38546
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-21511
2
reference_url https://github.com/sidorares/node-mysql2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sidorares/node-mysql2
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2276801
reference_id 2276801
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2276801
4
reference_url https://github.com/sidorares/node-mysql2/pull/2608
reference_id 2608
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-04-25T14:55:36Z/
url https://github.com/sidorares/node-mysql2/pull/2608
5
reference_url https://github.com/sidorares/node-mysql2/commit/7d4b098c7e29d5a6cb9eac2633bfcc2f0f1db713
reference_id 7d4b098c7e29d5a6cb9eac2633bfcc2f0f1db713
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-04-25T14:55:36Z/
url https://github.com/sidorares/node-mysql2/commit/7d4b098c7e29d5a6cb9eac2633bfcc2f0f1db713
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-21511
reference_id CVE-2024-21511
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-21511
7
reference_url https://github.com/advisories/GHSA-4rch-2fh8-94vw
reference_id GHSA-4rch-2fh8-94vw
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4rch-2fh8-94vw
8
reference_url https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6670046
reference_id SNYK-JS-MYSQL2-6670046
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-04-25T14:55:36Z/
url https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6670046
9
reference_url https://github.com/sidorares/node-mysql2/releases/tag/v3.9.7
reference_id v3.9.7
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-04-25T14:55:36Z/
url https://github.com/sidorares/node-mysql2/releases/tag/v3.9.7
fixed_packages
0
url pkg:npm/mysql2@3.9.7
purl pkg:npm/mysql2@3.9.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sgrh-4nnj-vqcj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/mysql2@3.9.7
aliases CVE-2024-21511, GHSA-4rch-2fh8-94vw
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nfyp-7vxe-mkgd
2
url VCID-p5hy-gt69-1bbb
vulnerability_id VCID-p5hy-gt69-1bbb
summary Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21507.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21507.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-21507
reference_id
reference_type
scores
0
value 0.00421
scoring_system epss
scoring_elements 0.62562
published_at 2026-06-12T12:55:00Z
1
value 0.00421
scoring_system epss
scoring_elements 0.62569
published_at 2026-06-14T12:55:00Z
2
value 0.00421
scoring_system epss
scoring_elements 0.62574
published_at 2026-06-13T12:55:00Z
3
value 0.00421
scoring_system epss
scoring_elements 0.6246
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-21507
2
reference_url https://blog.slonser.info/posts/mysql2-attacker-configuration
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://blog.slonser.info/posts/mysql2-attacker-configuration
3
reference_url https://github.com/sidorares/node-mysql2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sidorares/node-mysql2
4
reference_url https://github.com/sidorares/node-mysql2/commit/0d54b0ca6498c823098426038162ef10df02c818
reference_id 0d54b0ca6498c823098426038162ef10df02c818
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-25T19:03:05Z/
url https://github.com/sidorares/node-mysql2/commit/0d54b0ca6498c823098426038162ef10df02c818
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2274444
reference_id 2274444
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2274444
6
reference_url https://github.com/sidorares/node-mysql2/pull/2424
reference_id 2424
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-25T19:03:05Z/
url https://github.com/sidorares/node-mysql2/pull/2424
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-21507
reference_id CVE-2024-21507
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-21507
8
reference_url https://github.com/advisories/GHSA-mqr2-w7wj-jjgr
reference_id GHSA-mqr2-w7wj-jjgr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mqr2-w7wj-jjgr
9
reference_url https://blog.slonser.info/posts/mysql2-attacker-configuration/
reference_id mysql2-attacker-configuration
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-25T19:03:05Z/
url https://blog.slonser.info/posts/mysql2-attacker-configuration/
10
reference_url https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591300
reference_id SNYK-JS-MYSQL2-6591300
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-25T19:03:05Z/
url https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591300
fixed_packages
0
url pkg:npm/mysql2@3.9.3
purl pkg:npm/mysql2@3.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2n2e-7xna-x3c5
1
vulnerability VCID-nfyp-7vxe-mkgd
2
vulnerability VCID-sgrh-4nnj-vqcj
3
vulnerability VCID-u9gj-xfsc-6fhb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/mysql2@3.9.3
aliases CVE-2024-21507, GHSA-mqr2-w7wj-jjgr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p5hy-gt69-1bbb
3
url VCID-sgrh-4nnj-vqcj
vulnerability_id VCID-sgrh-4nnj-vqcj
summary Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21512.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21512.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-21512
reference_id
reference_type
scores
0
value 0.68341
scoring_system epss
scoring_elements 0.98627
published_at 2026-06-11T12:55:00Z
1
value 0.68341
scoring_system epss
scoring_elements 0.98634
published_at 2026-06-14T12:55:00Z
2
value 0.68341
scoring_system epss
scoring_elements 0.98632
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-21512
2
reference_url https://github.com/sidorares/node-mysql2
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sidorares/node-mysql2
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2283737
reference_id 2283737
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2283737
4
reference_url https://github.com/sidorares/node-mysql2/pull/2702
reference_id 2702
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L/E:P
1
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-29T14:07:58Z/
url https://github.com/sidorares/node-mysql2/pull/2702
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-21512
reference_id CVE-2024-21512
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-21512
6
reference_url https://gist.github.com/domdomi3/e9f0f9b9b1ed6bfbbc0bea87c5ca1e4a
reference_id e9f0f9b9b1ed6bfbbc0bea87c5ca1e4a
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
1
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-29T14:07:58Z/
url https://gist.github.com/domdomi3/e9f0f9b9b1ed6bfbbc0bea87c5ca1e4a
7
reference_url https://github.com/sidorares/node-mysql2/commit/efe3db527a2c94a63c2d14045baba8dfefe922bc
reference_id efe3db527a2c94a63c2d14045baba8dfefe922bc
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
1
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-29T14:07:58Z/
url https://github.com/sidorares/node-mysql2/commit/efe3db527a2c94a63c2d14045baba8dfefe922bc
8
reference_url https://github.com/advisories/GHSA-pmh2-wpjm-fj45
reference_id GHSA-pmh2-wpjm-fj45
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pmh2-wpjm-fj45
9
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-7176010
reference_id SNYK-JAVA-ORGWEBJARSNPM-7176010
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L/E:P
1
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-29T14:07:58Z/
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-7176010
10
reference_url https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6861580
reference_id SNYK-JS-MYSQL2-6861580
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L/E:P
1
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-29T14:07:58Z/
url https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6861580
fixed_packages
0
url pkg:npm/mysql2@3.9.8
purl pkg:npm/mysql2@3.9.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/mysql2@3.9.8
aliases CVE-2024-21512, GHSA-pmh2-wpjm-fj45
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sgrh-4nnj-vqcj
4
url VCID-u9gj-xfsc-6fhb
vulnerability_id VCID-u9gj-xfsc-6fhb
summary Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21508.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21508.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-21508
reference_id
reference_type
scores
0
value 0.46188
scoring_system epss
scoring_elements 0.97732
published_at 2026-06-14T12:55:00Z
1
value 0.46188
scoring_system epss
scoring_elements 0.97722
published_at 2026-06-11T12:55:00Z
2
value 0.46188
scoring_system epss
scoring_elements 0.97731
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-21508
2
reference_url https://blog.slonser.info/posts/mysql2-attacker-configuration
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://blog.slonser.info/posts/mysql2-attacker-configuration
3
reference_url https://github.com/sidorares/node-mysql2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sidorares/node-mysql2
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2274446
reference_id 2274446
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2274446
5
reference_url https://github.com/sidorares/node-mysql2/pull/2572
reference_id 2572
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-11T13:05:22Z/
url https://github.com/sidorares/node-mysql2/pull/2572
6
reference_url https://github.com/sidorares/node-mysql2/commit/74abf9ef94d76114d9a09415e28b496522a94805
reference_id 74abf9ef94d76114d9a09415e28b496522a94805
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-11T13:05:22Z/
url https://github.com/sidorares/node-mysql2/commit/74abf9ef94d76114d9a09415e28b496522a94805
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-21508
reference_id CVE-2024-21508
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-21508
8
reference_url https://github.com/advisories/GHSA-fpw7-j2hg-69v5
reference_id GHSA-fpw7-j2hg-69v5
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fpw7-j2hg-69v5
9
reference_url https://blog.slonser.info/posts/mysql2-attacker-configuration/
reference_id mysql2-attacker-configuration
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-11T13:05:22Z/
url https://blog.slonser.info/posts/mysql2-attacker-configuration/
10
reference_url https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591085
reference_id SNYK-JS-MYSQL2-6591085
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-11T13:05:22Z/
url https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591085
11
reference_url https://github.com/sidorares/node-mysql2/blob/1609b5393516d72a4ae47196837317fbe75e0c13/lib/parsers/text_parser.js%23L14C10-L14C21
reference_id text_parser.js%23L14C10-L14C21
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-11T13:05:22Z/
url https://github.com/sidorares/node-mysql2/blob/1609b5393516d72a4ae47196837317fbe75e0c13/lib/parsers/text_parser.js%23L14C10-L14C21
12
reference_url https://github.com/sidorares/node-mysql2/releases/tag/v3.9.4
reference_id v3.9.4
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-11T13:05:22Z/
url https://github.com/sidorares/node-mysql2/releases/tag/v3.9.4
fixed_packages
0
url pkg:npm/mysql2@3.9.4
purl pkg:npm/mysql2@3.9.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nfyp-7vxe-mkgd
1
vulnerability VCID-sgrh-4nnj-vqcj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/mysql2@3.9.4
aliases CVE-2024-21508, GHSA-fpw7-j2hg-69v5
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u9gj-xfsc-6fhb
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/mysql2@1.1.0