{
  "threat_severity" : "Important",
  "public_date" : "2024-05-29T00:00:00Z",
  "bugzilla" : {
    "description" : "mysql2: vulnerable to Prototype Pollution due to improper user input sanitization",
    "id" : "2283737",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2283737"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.2",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-1321",
  "details" : [ "Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper sanitization of user input passed to fields and tables when using nestTables.", "A flaw was found in the mysql2 package. Improper sanitization of user input passed to fields and tables when using nestTables allows prototype pollution." ],
  "package_state" : [ {
    "product_name" : "Red Hat Developer Hub",
    "fix_state" : "Not affected",
    "package_name" : "rhdh-operator-container",
    "cpe" : "cpe:/a:redhat:rhdh:1"
  }, {
    "product_name" : "Red Hat Developer Hub",
    "fix_state" : "Not affected",
    "package_name" : "rhdh/rhdh-hub-rhel9",
    "cpe" : "cpe:/a:redhat:rhdh:1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-21512\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-21512\nhttps://gist.github.com/domdomi3/e9f0f9b9b1ed6bfbbc0bea87c5ca1e4a\nhttps://github.com/sidorares/node-mysql2/commit/efe3db527a2c94a63c2d14045baba8dfefe922bc\nhttps://github.com/sidorares/node-mysql2/pull/2702\nhttps://security.snyk.io/vuln/SNYK-JS-MYSQL2-6861580" ],
  "name" : "CVE-2024-21512",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}