Description
SQL Injection in query-mysql
All versions of query-mysql are vulnerable to SQL injection: the lack of user input sanitization allows arbitrary SQL queries to be run when fetching data from the database.
Recommendation
No fix is currently available for this vulnerability. It is our recommendation to not install or use this module if user input is passed into this module.
Packages
Name: query-mysql (npm)
Affected versions: <= 0.0.2
Fixed version: None
Related vulnerabilities
CVSS3: 8.8
nvd
more than 7 years ago
Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from the database.