CVE-2024-21511
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-21511 is a newly disclosed vulnerability affecting versions of the MySQL adapter package mysql2 before 3.9.7. The issue stems from the readCodeFor function's failure to properly sanitize the timezone parameter, leading to Arbitrary Code Injection vulnerabilities. An attacker can exploit this flaw to execute malicious code on the affected system through a specially crafted timezone input. This vulnerability poses a significant risk to applications using the vulnerable version of mysql2 and requires swift upgrading to the patched version to mitigate the threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.