Описание
MySQL2 for Node Arbitrary Code Injection
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.
Ссылки
Пакеты
mysql2
< 3.9.7
3.9.7
Связанные уязвимости
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.
Уязвимость функции readCodeFor библиотеки для работы с базами данных mysql2, позволяющая нарушителю выполнить произвольный код