Zhaoyudi

Name of the Vulnerable Software and Affected Versions: mysql2 versions prior to 3.9.7 Description: The issue is related to improper sanitization of the `timezone` parameter in the `readCodeFor` function, which can lead to Arbitrary Code Injection when calling a native MySQL Server date/time function. This can allow a remote attacker to execute arbitrary code. Recommendations: For versions prior to 3.9.7, update to version 3.9.7 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `readCodeFor` function or sanitizing the `timezone` parameter to minimize the risk of exploitation.