Security Advisory
CVE-2024-21509
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js.