CVE-2024-21509

Summary

CVE-2024-21509 is a vulnerability found in versions of the mysql2 package before 3.9.4. This vulnerability is due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js. It has a base severity rating of MEDIUM with a base score of 6.5 according to CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L. The exploitability score is 3.9, and it requires no special privileges or user interaction to exploit. The attack vector is through the network, and the impact on integrity is low while confidentiality is not affected. The potential danger this vulnerability poses to an organization is that an attacker could potentially poison prototypes, leading to unauthorized access or manipulation of data. To remediate this vulnerability, users should update their mysql2 package to version 3.9.4 or higher to ensure that proper input sanitization and object creation are implemented, thus mitigating the risk of prototype poisoning attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.