CVE-2019-14939

Name of the Vulnerable Software and Affected Versions mysql (mysqljs) module version 2.17.1

Description The issue exists due to insufficient input validation in the LOAD DATA LOCAL INFILE component of the mysql (mysqljs) module for Node.js. This could allow an attacker to gain unauthorized access to protected information. The LOAD DATA LOCAL INFILE option is open by default.

Recommendations For mysql (mysqljs) module version 2.17.1, consider disabling the LOAD DATA LOCAL INFILE option as a temporary workaround until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation.