GHSA-4rch-2fh8-94vw: MySQL2 for Node Arbitrary Code Injection

Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.


Severity: Critical. GitHub Reviewed. Published Apr 23, 2024 to the GitHub Advisory Database. Updated Apr 23, 2024.
