Описание
Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| node-mysql | fixed | 2.0.0~alpha8-1 | package |
Примечания
https://github.com/felixge/node-mysql/issues/342
https://nodesecurity.io/advisories/66
nodejs not covered by security support
Связанные уязвимости
CVSS3: 9.8
ubuntu
больше 7 лет назад
Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection.
CVSS3: 9.8
nvd
больше 7 лет назад
Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection.
