PT-2024-2756 · Mysql2 · Mysql2

Slonser +1

Published 2024-04-11 · Updated 2025-12-04

CVE-2024-21508

CVSS v3.1: 10 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

mysql2 versions prior to 3.9.4

Description

The vulnerability lies in the readCodeFor function of the mysql2 package, which is exposed to Remote Code Execution (RCE) because the supportBigNumbers and bigNumberStrings values are not properly validated. A remote attacker can use this to execute arbitrary code.

Recommendations

For versions prior to 3.9.4, update to version 3.9.4 or later to resolve the issue. As a temporary workaround, consider disabling the readCodeFor function until a patch is available. Restrict access to the mysql2 package to minimize the risk of exploitation.
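The advisory attributes the flaw to unvalidated supportBigNumbers and bigNumberStrings values reaching readCodeFor. The following is an added example, not code from the advisory or from the mysql2 project: an application-side guard that refuses to forward those two options to the driver unless they are strict booleans, plus a helper that checks an installed mysql2 version string against the fixed release 3.9.4 named above. The option and sample values (a config object merged with untrusted request input) are constructed for the example.

```javascript
// Added example (not mysql2's own code): validate the two option values named in
// the advisory before they reach the driver, and compare the installed driver
// version with the fixed release 3.9.4.

const FIXED_VERSION = [3, 9, 4]; // first fixed mysql2 release, per the advisory
const BOOLEAN_OPTIONS = ['supportBigNumbers', 'bigNumberStrings'];

// Parse "MAJOR.MINOR.PATCH" (any pre-release suffix is ignored) into numbers.
function parseVersion(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version).trim());
  if (!m) throw new TypeError(`unrecognised version string: ${version}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// True when the given mysql2 version is 3.9.4 or later.
function isPatchedMysql2(version) {
  const v = parseVersion(version);
  for (let i = 0; i < 3; i++) {
    if (v[i] !== FIXED_VERSION[i]) return v[i] > FIXED_VERSION[i];
  }
  return true;
}

// Return a copy of the connection options in which supportBigNumbers and
// bigNumberStrings are either absent or strict booleans. Any other type
// (string, number, object), for example a value that leaked in from request
// input, is rejected instead of being forwarded to the driver.
function hardenMysql2Options(options) {
  if (options === null || typeof options !== 'object') {
    throw new TypeError('connection options must be an object');
  }
  const safe = { ...options };
  for (const key of BOOLEAN_OPTIONS) {
    if (!(key in safe)) continue;
    if (typeof safe[key] !== 'boolean') {
      throw new TypeError(`${key} must be a boolean, got ${typeof safe[key]}`);
    }
  }
  return safe;
}

// Constructed sample input: trusted config file values ...
const fromConfig = {
  host: 'db.internal',
  user: 'app',
  supportBigNumbers: true,
  bigNumberStrings: true,
};
// ... and an untrusted override carrying a string where a boolean is expected.
const fromRequest = { supportBigNumbers: 'yes' };

// Run both paths and report the outcome as a plain object.
function demo() {
  const accepted = hardenMysql2Options(fromConfig);
  let rejected = false;
  try {
    hardenMysql2Options({ ...fromConfig, ...fromRequest });
  } catch (e) {
    rejected = e instanceof TypeError;
  }
  return {
    accepted,
    rejected,
    patched: isPatchedMysql2('3.9.4'),
    stillVulnerable: !isPatchedMysql2('3.9.3'),
  };
}
```

Call `demo()` to see the trusted options pass through unchanged while the merged object is rejected; in a real service the guard sits immediately before `mysql.createConnection(...)` / `createPool(...)`, so that no request-derived value can change the type of these options. The version check is a deployment-time control (package lock or start-up assertion), not a substitute for upgrading.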

Exploit

Fix

Weakness Enumeration

Code Injection

Related Identifiers

BDU:2024-02887
CVE-2024-21508
GHSA-FPW7-J2HG-69V5

Affected Products

Mysql2