MySQL2 for Node Arbitrary Code Injection

[AGiljanovic]

Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.

Fix: Update the package version

See link

[NewerKey]

updated package to unaffected version as suggested.