CVE-2024-21511

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Apr 23, 2024

CWE ID 94

Summary

CVE-2024-21511 is a newly disclosed vulnerability affecting versions of the MySQL adapter package mysql2 before 3.9.7. The issue stems from the readCodeFor function's failure to properly sanitize the timezone parameter, leading to Arbitrary Code Injection vulnerabilities. An attacker can exploit this flaw to execute malicious code on the affected system through a specially crafted timezone input. This vulnerability poses a significant risk to applications using the vulnerable version of mysql2 and requires swift upgrading to the patched version to mitigate the threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vju9OK
https://www.cve.org/CVERecord?id=CVE-2024-21511
https://nvd.nist.gov/vuln/detail/CVE-2024-21511

Back to Vulnerability Database

CVE-2024-21511

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations