March 12, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Multiple IBM Security Verify Access Vulnerabilities
June 3, 2024Andariel APT Uses New Dora RAT to Target South Korean Institutes – Active IOCs
June 3, 2024Multiple IBM Security Verify Access Vulnerabilities
June 3, 2024Andariel APT Uses New Dora RAT to Target South Korean Institutes – Active IOCs
June 3, 2024
Severity
High
Analysis Summary
CVE-2024-21512
Node.js MySQL2 module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in nestTables. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
Impact
- Code Execution
Indicators of Compromise
CVE
- CVE-2024-21512
Affected Vendors
Node.js
Affected Products
- Node.js MySQL2 3.9.7
Remediation
Upgrade to the latest version of MySQL2, available from the MySQL2 GIT Repository.