GHSA-4rch-2fh8-94vw: MySQL2 for Node Arbitrary Code Injection
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.
Critical severity GitHub Reviewed Published Apr 23, 2024 to the GitHub Advisory Database • Updated Apr 23, 2024
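A defender-side check for this advisory, added here as an example and not taken from the advisory or the mysql2 project: it lists every copy of mysql2 below 3.9.7 in an npm lockfile, including nested transitive copies, and validates a timezone setting before it reaches the driver. The function names, the sample lockfile and the timezone allowlist (the local, Z and +HH:MM / -HH:MM forms documented for the driver's timezone option) are assumptions of this example.

```javascript
// Added example, not code from the advisory or from mysql2.
const FIXED = [3, 9, 7]; // first patched release named in the advisory

// Parse "major.minor.patch"; `pre` is true for pre-releases such as 3.9.7-rc.1.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-)?/.exec(String(v));
  return m ? { nums: m.slice(1, 4).map(Number), pre: Boolean(m[4]) } : null;
}

// True when version < 3.9.7. Unparseable versions are flagged for manual review.
function isVulnerable(version) {
  const v = parseVersion(version);
  if (!v) return true;
  for (let i = 0; i < 3; i++) {
    if (v.nums[i] !== FIXED[i]) return v.nums[i] < FIXED[i];
  }
  return v.pre; // a pre-release of 3.9.7 sorts before 3.9.7
}

// Walk the "packages" map of an npm v2/v3 lockfile and report every mysql2
// copy below the fix, including nested ones pulled in by other dependencies.
function findVulnerableMysql2(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/mysql2$/.test(path) && isVulnerable(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Defense in depth (assumed allowlist): accept only fixed timezone forms,
// so a value from config or the environment is never passed through as-is.
function isSafeTimezone(tz) {
  return typeof tz === "string" && /^(local|Z|[+-]\d{2}:\d{2})$/.test(tz);
}

// Constructed sample lockfile: one patched top-level copy, one old nested copy.
const sampleLock = {
  packages: {
    "": { name: "app" },
    "node_modules/mysql2": { version: "3.9.7" },
    "node_modules/orm/node_modules/mysql2": { version: "3.6.0" },
    "node_modules/mysql2-promise": { version: "1.0.0" },
  },
};

console.log(findVulnerableMysql2(sampleLock));
```

Feed it the parsed contents of package-lock.json in CI and fail the build when the returned list is not empty.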