CVE-2024-21512 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.2 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
snyk	CNA	8.2 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L/E:P
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 98%

Common Weakness Enumeration

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
The software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

References

https://gist.github.com/domdomi3/e9f0f9b9b1ed6bfbbc0bea87c5ca1e4a

https://github.com/sidorares/node-mysql2/commit/efe3db527a2c94a63c2d14045baba8dfefe922bc

https://github.com/sidorares/node-mysql2/pull/2702

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-7176010

https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6861580

https://gist.github.com/domdomi3/e9f0f9b9b1ed6bfbbc0bea87c5ca1e4a

https://github.com/sidorares/node-mysql2/commit/efe3db527a2c94a63c2d14045baba8dfefe922bc

https://github.com/sidorares/node-mysql2/pull/2702

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-7176010

https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6861580