VYPR
Critical severity9.8NVD Advisory· Published Apr 23, 2024· Updated Apr 15, 2026

CVE-2024-21511

CVE-2024-21511

Description

Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
mysql2npm
< 3.9.73.9.7

Affected products

5

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.