PT-2019-4688 · Mysql Server · Mysql Server

Published

2019-08-11

Updated

2022-05-24

CVE-2019-14939

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions mysql (mysqljs) module version 2.17.1

Description The issue exists due to insufficient input validation in the LOAD DATA LOCAL INFILE component of the mysql (mysqljs) module for Node.js. This could allow an attacker to gain unauthorized access to protected information. The LOAD DATA LOCAL INFILE option is open by default.

Recommendations For mysql (mysqljs) module version 2.17.1, consider disabling the LOAD DATA LOCAL INFILE option as a temporary workaround until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2020-01060

CVE-2019-14939

GHSA-F982-MXWC-3MRX

Affected Products

Mysql Server

PT-2019-4688 · Mysql Server · Mysql Server

CVE-2019-14939

Weakness Enumeration

Related Identifiers

Affected Products

References · 17