Description
SQL Injection in sails-mysql
Versions of sails-mysql prior to 0.10.8 are vulnerable to SQL Injection. The sort keyword is not properly sanitized and may allow attackers to inject SQL statements and execute arbitrary SQL queries.
Recommendation
Upgrade to version 0.10.8 or later.
Packages
Name: sails-mysql (npm)
Affected versions: < 0.10.8
Fixed version: 0.10.8
CVSS3: 7.5 High
Weaknesses
CWE-89