CVE-2024-21511 – Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection …

23 April 2024

Vuln ID: CVE-2024-21511

Published: 2024-04-23 05:15:48.963

Description: Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.

Base Score: 9.8 – CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Source: NVD.NIST.GOV

Date:

23 April 2024

Categorie(s):

NVD

Tag(s):

NVD

Microsoft plans to lock down Windows DNS like never before. Here’s how.4 May 2024
Kaspersky hits back at claims its AI helped Russia develop military drone systems4 May 2024
Kaspersky hits back at claims it helped Russia develop military drone systems3 May 2024
Smoke and (screen) mirrors: A strange signed backdoor3 May 2024
Kaspersky accused of helping Russia develop military drone systems3 May 2024