CVE-2024-21508

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-21508
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-21508.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-21508
Aliases
Downstream
Related
Published
2024-04-11T05:15:47.263Z
Modified
2026-03-15T22:49:18.850570Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values.

References

Affected packages

Git / github.com/sidorares/node-mysql2

Affected ranges

Type
GIT
Repo
https://github.com/sidorares/node-mysql2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
74abf9ef94d76114d9a09415e28b496522a94805
Type
GIT
Repo
https://github.com/sidorares/node-mysql2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
cf3fa60842e7e359db5b1d676f93a22ad6fea082
Type
GIT
Repo
https://github.com/sidorares/node-mysql2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
74abf9ef94d76114d9a09415e28b496522a94805
Type
GIT
Repo
https://github.com/sidorares/node-mysql2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
cf3fa60842e7e359db5b1d676f93a22ad6fea082

Affected versions

v0.*
v0.10.4
v0.10.6
v0.10.7
v0.11.0
v0.11.1
v0.11.2
v0.11.4
v0.11.5
v0.11.6
v0.11.7
v0.11.8
v0.12.0
v0.12.1
v0.12.2
v0.12.3
v0.12.4
v0.12.5
v0.13.0
v0.14.0
v0.14.1
v0.15.0
v0.15.1
v0.15.2
v0.15.3
v0.15.4
v0.15.5
v0.15.6
v0.15.7
v0.15.8
v0.8.11
v0.8.13
v0.8.14
v0.8.15
v0.8.16
v0.8.17
v0.8.18
v0.8.19
v0.8.20
v0.9.2
v1.*
v1.0.0
v1.0.0-rc.1
v1.0.0-rc.10
v1.0.0-rc.11
v1.0.0-rc.12
v1.0.0-rc.2
v1.0.0-rc.3
v1.0.0-rc.4
v1.0.0-rc.5
v1.0.0-rc.6
v1.0.0-rc.7
v1.0.0-rc.8
v1.0.0-rc.9
v1.1.0
v1.1.1
v1.1.2
v1.2.0
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.4.1
v1.4.2
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v2.*
v2.0.0
v2.0.0-alpha1
v2.0.1
v2.0.2
v2.1.0
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.3-rc.0
v3.*
v3.0.0
v3.0.0-rc.1
v3.0.1
v3.1.0
v3.1.1
v3.1.2
v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.2.4
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.4.0
v3.4.1
v3.4.2
v3.4.3
v3.4.4
v3.4.5
v3.5.0
v3.5.1
v3.5.2
v3.6.0
v3.6.1
v3.6.2
v3.6.3
v3.6.4
v3.6.5
v3.7.0
v3.7.1
v3.8.0
v3.9.0
v3.9.1
v3.9.2
v3.9.3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-21508.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "mysql2"
            },
            {
                "fixed": "3.9.4"
            }
        ]
    }
]