CVE-2024-21512

Name of the Vulnerable Software and Affected Versions: mysql2 versions prior to 3.9.8

Description: The issue is related to improper user input sanitization passed to fields and tables when using nestTables, leading to Prototype Pollution. This can allow a remote attacker to implement a Prototype Pollution attack. The vulnerability affects a popular MySQL client library for Node.js with over 2 million monthly downloads, potentially putting countless applications at risk.

Recommendations: For versions prior to 3.9.8, update to version 3.9.8 or later to resolve the issue. As a temporary workaround, consider disabling the use of nestTables until a patch is available. Restrict access to user input that may be passed to fields and tables to minimize the risk of exploitation. Avoid using unsanitized user input in the affected API endpoints until the issue is resolved.