CVSS 3.1 Score 6.5 of 10 (medium)


Published Apr 10, 2024
CWE ID 1321


CVE-2024-21509 is a vulnerability found in versions of the mysql2 package before 3.9.4. This vulnerability is due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js. It has a base severity rating of MEDIUM with a base score of 6.5 according to CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L. The exploitability score is 3.9, and it requires no special privileges or user interaction to exploit. The attack vector is through the network, and the impact on integrity is low while confidentiality is not affected. The potential danger this vulnerability poses to an organization is that an attacker could potentially poison prototypes, leading to unauthorized access or manipulation of data. To remediate this vulnerability, users should update their mysql2 package to version 3.9.4 or higher to ensure that proper input sanitization and object creation are implemented, thus mitigating the risk of prototype poisoning attacks.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-21509 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options