PT-2024-18922 · Mysql2 · Mysql2

Slonser +1 · Published 2024-04-10 · Updated 2025-06-17 · CVE-2024-21507

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

mysql2 versions prior to 3.9.3

Description

The issue is Improper Input Validation in the keyFromFields function, which results in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key.

Recommendations

For versions prior to 3.9.3, update to version 3.9.3 or later to resolve the issue. As a temporary workaround, consider restricting the input to the keyFromFields function to prevent the injection of malicious characters.
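
The collision behind this kind of cache poisoning, as an added example (not code from mysql2 or from this advisory): a simplified cache key joined with ":" beside a structured key. The function names, the field shape and the sample values are assumptions constructed for illustration.

```javascript
// Simplified model of a delimiter-joined cache key. Hypothetical code for
// illustration; the field shape {name, table, columnType} is an assumption.
function keyJoined(fields) {
  // Weak: values are joined with ':' and never escaped, so a ':' inside a
  // value is indistinguishable from a separator.
  return fields.map((f) => `${f.name}:${f.table}:${f.columnType}`).join('/');
}

function keyStructured(fields) {
  // Hardened: JSON keeps each value quoted and escaped, so boundaries survive.
  return JSON.stringify(fields.map((f) => [f.name, f.table, f.columnType]));
}

// Minimal cache: whoever populates a key first decides what later callers get.
function makeCache(keyFn) {
  const store = new Map();
  return (fields, build) => {
    const key = keyFn(fields);
    if (!store.has(key)) store.set(key, build(fields));
    return store.get(key);
  };
}

// Stand-in for a compiled row parser: records which columns it was built for.
const buildParser = (fields) => fields.map((f) => `${f.table}.${f.name}`);

// Constructed sample input: two different result-set shapes.
const shapeA = [{ name: 'note', table: 'audit:log', columnType: 253 }];
const shapeB = [{ name: 'note:audit', table: 'log', columnType: 253 }];

function servedToSecond(keyFn) {
  const lookup = makeCache(keyFn);
  lookup(shapeA, buildParser);        // first caller populates the cache
  return lookup(shapeB, buildParser); // what the second caller receives
}

console.log(keyJoined(shapeA) === keyJoined(shapeB)); // true: keys collide
console.log(servedToSecond(keyJoined));     // [ 'audit:log.note' ] (built for shapeA)
console.log(servedToSecond(keyStructured)); // [ 'log.note:audit' ] (built for shapeB)
```

With the joined key, the second caller is handed an entry built for a different result shape; with the structured key, each shape gets its own entry.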

Exploit · Fix · RCE

Related Identifiers

CVE-2024-21507
GHSA-MQR2-W7WJ-JJGR

Affected Products

Mysql2