Fix mysql2 — CVE-2024-21508 CRITICAL

Fix CVE-2024-21508 (CRITICAL) in mysql2 for npm. Paste your package.json into PackageFix and get a patched version — no CLI, no signup. Remote code execution via SQL injection in preparedStatement.

⚠ Vulnerability

CVE-2024-21508 (CRITICAL) — remote code execution via SQL injection in preparedStatement in mysql2 versions below 3.9.7.

Vulnerable Version — package.json

"mysql2": "3.6.0"

Fixed Version — package.json

"mysql2": "3.9.7"

✓ Fix

Update mysql2 to 3.9.7 or later. Run npm install to apply. Verify with your ecosystem's audit tool after updating.
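
One way to verify the update, as an added example (not PackageFix's code): package.json only declares a range, while package-lock.json records what is actually installed, including nested copies pulled in by other dependencies. The script scans a lockfile's `packages` map (lockfileVersion 2 or 3) for every mysql2 entry below 3.9.7; the sample lockfile and the package names `demo-app`, `legacy-orm` and `mysql2-example-helper` are constructed.

```javascript
// Added example: flag every installed copy of mysql2 below 3.9.7 in an
// npm lockfile (lockfileVersion 2 or 3, which carry a "packages" map).
const FIXED = [3, 9, 7]; // fixed version stated on this page

// "3.6.0" -> [3, 6, 0]; any pre-release/build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// Numeric comparison per component, so 3.10.0 is not below 3.9.7.
function isBelow(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Returns [{ path, version }] for each mysql2 entry that is below FIXED
// or whose version cannot be parsed (reported so it gets a manual look).
function findVulnerableMysql2(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/mysql2" or "node_modules/x/node_modules/mysql2".
    if (!/(^|\/)node_modules\/mysql2$/.test(path)) continue;
    const parsed = parseVersion(meta.version);
    if (!parsed || isBelow(parsed, FIXED)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile: the top-level copy is fixed, the nested copy is not.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { mysql2: "^3.6.0", "legacy-orm": "1.0.0" } },
    "node_modules/mysql2": { version: "3.9.7" },
    "node_modules/legacy-orm": { version: "1.0.0" },
    "node_modules/legacy-orm/node_modules/mysql2": { version: "3.6.0" },
    "node_modules/mysql2-example-helper": { version: "1.0.0" }, // different package, must not match
  },
};

console.log(findVulnerableMysql2(sampleLock));
```

To check a real project, pass the parsed contents of its package-lock.json to `findVulnerableMysql2` in place of `sampleLock`.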


CVE Details

| Field | Value |
| --- | --- |
| CVE ID | CVE-2024-21508 |
| Severity | CRITICAL |
| Package | mysql2 (npm) |
| Vulnerable versions | Below 3.9.7 |
| Safe version | 3.9.7 |
| CISA KEV | |
| Description | Remote code execution via SQL injection in preparedStatement |

Frequently Asked Questions

What is CVE-2024-21508?
CVE-2024-21508 is a CRITICAL severity vulnerability in mysql2 (npm). It allows remote code execution via SQL injection in preparedStatement. Update to version 3.9.7 or later to fix it.

How do I fix CVE-2024-21508 in mysql2?
Update mysql2 to version 3.9.7 in your package.json. Run npm install after updating to apply the fix.

Is CVE-2024-21508 being actively exploited?
Check the live CISA KEV catalog at packagefix.dev — PackageFix always reflects the current KEV status.

How do I check if I am affected by CVE-2024-21508?
Paste your package.json into PackageFix. If your installed version of mysql2 is below 3.9.7, you are affected. PackageFix shows the exact CVE ID and fix version.
