exploitDog
GHSA-cgpp-wm2h-6hqx

Published: 18 Feb 2019
Source: github
GitHub: reviewed

Description

SQL Injection in waterline-sequel

Affected versions of waterline-sequel are vulnerable to SQL injection when user input is passed into the `like`, `contains`, `startsWith`, or `endsWith` query criteria: the value is interpolated into the generated SQL text instead of being bound as a parameter.

Recommendation

Upgrade to version 0.5.1 or later.

Packages

Name: waterline-sequel (npm)
Affected versions: < 0.5.1
Fixed version: 0.5.1

EPSS

Percentile: 63%
Score: 0.00453
Low

Weaknesses

CWE-89

Related vulnerabilities

CVSS3: 9.8
nvd
more than 7 years ago

waterline-sequel is a module that generates SQL statements for Waterline apps. Any user input that goes into Waterline's `like`, `contains`, `startsWith`, or `endsWith` criteria is passed on to waterline-sequel, which in versions before 0.5.1 interpolates it into the SQL text. A malicious user can therefore supply their own SQL in that input; it is executed with the application's full access to the database.
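To make the failure mode concrete, the following is an added example and not code from waterline-sequel, Waterline or Sails. It places a builder that splices a `contains` value into the LIKE literal, the pattern the affected versions allowed, next to a hardened builder that binds the pattern as a parameter and escapes LIKE wildcards. The function names, the PostgreSQL-style `$1` placeholder and the hostile input are assumptions constructed for illustration.

```javascript
// Added example, not code from waterline-sequel. Function names, the "$1"
// placeholder style and the sample input are assumptions for illustration.

// Vulnerable pattern (CWE-89): the user-supplied `contains` value is spliced
// straight into the SQL text, so a quote in the value closes the LIKE literal
// and everything after it is parsed as SQL.
function buildContainsUnsafe(table, column, value) {
  return `SELECT * FROM "${table}" WHERE "${column}" LIKE '%${value}%'`;
}

// Escape LIKE metacharacters so a user value matches literally rather than
// acting as a wildcard. Backslash is declared as the escape character in the
// query built below.
function escapeLikePattern(value) {
  return String(value).replace(/[\\%_]/g, (c) => '\\' + c);
}

// Identifiers cannot be bound as parameters, so restrict them to a safe
// character set before quoting them.
function quoteIdentifier(name) {
  if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(name)) {
    throw new Error(`refusing unsafe identifier: ${name}`);
  }
  return `"${name}"`;
}

// Hardened builder: the SQL text carries only a placeholder; the pattern is
// sent out-of-band as a bound value, so it can never change the query shape.
function buildContainsSafe(table, column, value) {
  return {
    text: `SELECT * FROM ${quoteIdentifier(table)} WHERE ${quoteIdentifier(column)} LIKE $1 ESCAPE '\\'`,
    values: [`%${escapeLikePattern(value)}%`],
  };
}

// Constructed hostile input, e.g. what ?name=' OR 1=1 -- would deliver into a
// `contains` criterion after URL decoding.
const HOSTILE = "' OR 1=1 --";

function demo() {
  const unsafe = buildContainsUnsafe('user', 'name', HOSTILE);
  const safe = buildContainsSafe('user', 'name', HOSTILE);
  // unsafe: the literal is closed early and "OR 1=1" becomes part of WHERE;
  // safe: the text has no user data in it, the pattern is only in values.
  console.log('unsafe:', unsafe);
  console.log('safe:  ', safe.text, safe.values);
  return { unsafe, safe };
}

demo();
```

The hardened form fixes two separate things: the quote can no longer escape the literal because the value never enters the SQL text, and `%`/`_` in user data no longer widen the match. Note that parameter binding alone does not solve the second problem, which is why `escapeLikePattern` is applied to the bound value as well.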
