CVE-2024-21512 Information

Description

Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper sanitization of user input passed to fields and tables when using nestTables.
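The failure class described above, shown next to a hardened form, as an added example that is not code from mysql2 or from the linked references. It is a simplified model that assumes nestTables-style shaping stores each value as row[table][field]; all function names and sample data are hypothetical.

```javascript
// Simplified model of nestTables-style row shaping (assumption: each value is
// stored as row[table][field]). Illustrative only; not mysql2's source.
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Naive shaping: table and field names from result metadata become keys unchecked.
function nestRowNaive(columns, values) {
  const row = {};
  columns.forEach((col, i) => {
    // For table "__proto__" this lookup returns Object.prototype, not undefined,
    // so the write below lands on the prototype shared by every object.
    if (row[col.table] === undefined) row[col.table] = {};
    row[col.table][col.name] = values[i];
  });
  return row;
}

// Hardened shaping: reject prototype-related names and use null-prototype objects.
function nestRowSafe(columns, values) {
  const row = Object.create(null);
  columns.forEach((col, i) => {
    for (const key of [col.table, col.name]) {
      if (UNSAFE_KEYS.has(key)) throw new Error(`unsafe column key: ${key}`);
    }
    if (!(col.table in row)) row[col.table] = Object.create(null);
    row[col.table][col.name] = values[i];
  });
  return row;
}

// Constructed sample metadata and values (not taken from a real server).
const SAMPLE_COLUMNS = [
  { table: 'users', name: 'id' },
  { table: '__proto__', name: 'polluted' },
];
const SAMPLE_VALUES = [1, 'yes'];

function demo() {
  nestRowNaive(SAMPLE_COLUMNS, SAMPLE_VALUES);
  const naivePolluted = ({}).polluted === 'yes'; // an unrelated object is affected
  delete Object.prototype.polluted; // restore the runtime
  let rejected = false;
  try { nestRowSafe(SAMPLE_COLUMNS, SAMPLE_VALUES); } catch (e) { rejected = true; }
  const safe = nestRowSafe(SAMPLE_COLUMNS.slice(0, 1), SAMPLE_VALUES);
  return { naivePolluted, rejected, safePolluted: 'polluted' in {}, id: safe.users.id };
}
```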

Reference

https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6861580
https://gist.github.com/domdomi3/e9f0f9b9b1ed6bfbbc0bea87c5ca1e4a
https://github.com/sidorares/node-mysql2/pull/2702
https://github.com/sidorares/node-mysql2/commit/efe3db527a2c94a63c2d14045baba8dfefe922bc
