Описание
Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with mysql.escape() which could lead to SQL Injection.
Ссылки
- ExploitThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.9.6 (включая)
Одно из
cpe:2.3:a:mysqljs:mysql:*:*:*:*:*:node.js:*:*
cpe:2.3:a:mysqljs:mysql:2.0.0:alpha:*:*:*:node.js:*:*
cpe:2.3:a:mysqljs:mysql:2.0.0:alpha2:*:*:*:node.js:*:*
cpe:2.3:a:mysqljs:mysql:2.0.0:alpha3:*:*:*:node.js:*:*
cpe:2.3:a:mysqljs:mysql:2.0.0:alpha4:*:*:*:node.js:*:*
cpe:2.3:a:mysqljs:mysql:2.0.0:alpha7:*:*:*:node.js:*:*
cpe:2.3:a:mysqljs:mysql:2.0.0:preview:*:*:*:node.js:*:*
EPSS
Процентиль: 76%
0.00941
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89
CWE-89
Связанные уязвимости
CVSS3: 9.8
ubuntu
больше 7 лет назад
Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection.
CVSS3: 9.8
debian
больше 7 лет назад
Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not ...
EPSS
Процентиль: 76%
0.00941
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89
CWE-89