Описание
SQL Injection in mysql
Versions of mysql prior to 2.0.0-alpha8 are affected by a SQL Injection vulnerability in the mysql.escape() function, which does not properly escape object keys.
Recommendation
Update to version 2.0.0-alpha8 or later.
Пакеты
Наименование
mysql
npm
Затронутые версииВерсия исправления
<= 2.0.0-alpha7
2.0.0-alpha8
Связанные уязвимости
CVSS3: 9.8
ubuntu
больше 7 лет назад
Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection.
CVSS3: 9.8
nvd
больше 7 лет назад
Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection.
CVSS3: 9.8
debian
больше 7 лет назад
Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not ...