mysql-import

Bump mysql2 reference

Open danielolarm opened this issue 8 months ago • 0 comments

Describe the bug

Version 5.0.26 depends on a vulnerable version of mysql2. The dependency should be updated to the latest version of mysql2.

Code To Reproduce

npm audit report shown below

# npm audit report

mysql2  <=3.9.7
Severity: critical
mysql2 Remote Code Execution (RCE) via the readCodeFor function - https://github.com/advisories/GHSA-fpw7-j2hg-69v5
mysql2 vulnerable to Prototype Poisoning - https://github.com/advisories/GHSA-49j4-86m8-q2jw
mysql2 cache poisoning vulnerability - https://github.com/advisories/GHSA-mqr2-w7wj-jjgr
MySQL2 for Node Arbitrary Code Injection - https://github.com/advisories/GHSA-4rch-2fh8-94vw
mysql2 vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-pmh2-wpjm-fj45
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/mysql-import/node_modules/mysql2
  mysql-import  >=5.0.26
  Depends on vulnerable versions of mysql2
  node_modules/mysql-import

danielolarm, Jun 19 '24 13:06
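
An added example, not part of the original issue or the mysql-import project: a Node.js check that walks a package-lock.json `packages` map and reports every installed mysql2 copy in the advisory range `<=3.9.7`, together with the package that nests it. The function names and the sample lockfile (including the mysql2 versions in it) are constructed for illustration.

```javascript
// Added example: find every installed copy of mysql2 in a package-lock.json
// (lockfileVersion 2/3 "packages" map) that falls in the advisory range <=3.9.7.
const VULN_MAX = [3, 9, 7]; // upper bound of the affected range in the audit report

// Parse "major.minor.patch", ignoring any prerelease/build suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || "");
  return m ? m.slice(1).map(Number) : null;
}

function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return true; // unparseable version: flag it for manual review
  for (let i = 0; i < 3; i++) {
    if (v[i] !== VULN_MAX[i]) return v[i] < VULN_MAX[i];
  }
  return true; // exactly 3.9.7
}

// Returns [{ path, version, parent }] for each affected mysql2 copy.
function findAffectedMysql2(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const parts = path.split("node_modules/");
    if (parts[parts.length - 1] !== "mysql2") continue; // exact name, not @scope/mysql2
    if (!isAffected(meta.version)) continue;
    // The parent is the package whose own node_modules directory holds this copy.
    const parent =
      parts.length > 2 ? parts[parts.length - 2].replace(/\/$/, "") : "(root)";
    hits.push({ path, version: meta.version, parent });
  }
  return hits;
}

// Constructed sample lockfile; the mysql2 versions are illustrative only.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", version: "1.0.0" },
    "node_modules/mysql-import": { version: "5.0.26" },
    "node_modules/mysql-import/node_modules/mysql2": { version: "2.3.3" },
    "node_modules/mysql2": { version: "3.9.8" },
  },
};

console.log(findAffectedMysql2(sampleLock));
```

To run it against a real project, replace `sampleLock` with the parsed contents of that project's package-lock.json.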