t3-oss / create-t3-turbo

Clean and simple starter repo using the T3 Stack along with Expo React Native
https://turbo.t3.gg
MIT License
4.28k stars, 352 forks

chore(deps): update dependency mysql2 to v3.9.7 [security] #1000

Closed renovate[bot] closed 2 months ago

renovate[bot] commented 2 months ago


This PR contains the following updates:

| Package | Change |
| --- | --- |
| mysql2 (source) | 3.9.4 -> 3.9.7 |

GitHub Vulnerability Alerts

CVE-2024-21511

Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.


Release Notes

sidorares/node-mysql2 (mysql2)

### [`v3.9.7`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#397-2024-04-21)

[Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.6...v3.9.7)

##### Bug Fixes

- **security:** sanitize timezone parameter value to prevent code injection ([#2608](https://togithub.com/sidorares/node-mysql2/issues/2608)) ([7d4b098](https://togithub.com/sidorares/node-mysql2/commit/7d4b098c7e29d5a6cb9eac2633bfcc2f0f1db713))

### [`v3.9.6`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#396-2024-04-18)

[Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.5...v3.9.6)

##### Bug Fixes

- binary parser sometimes reads out of packet bounds when results contain null and typecast is false ([#2601](https://togithub.com/sidorares/node-mysql2/issues/2601)) ([705835d](https://togithub.com/sidorares/node-mysql2/commit/705835d06ff437cf0bf3169dac0a5f68002c4f87))

### [`v3.9.5`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#395-2024-04-17)

[Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.4...v3.9.5)

##### Bug Fixes

- revert breaking change in results creation ([#2591](https://togithub.com/sidorares/node-mysql2/issues/2591)) ([f7c60d0](https://togithub.com/sidorares/node-mysql2/commit/f7c60d01a49666130f51d3847ccfdd3d6e3d33e9))

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.