@azhou/basemodel@1.0.0 vulnerabilities

Basic CRUD functions of data model

latest version

1.0.0

first published

9 years ago

latest version published

9 years ago

licenses detected

ISC
>=0

View basemodel package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the @azhou/basemodel package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H SQL Injection @azhou/basemodel is a package. Affected versions of this package are vulnerable to SQL Injection. All table names and fields arguments of all methods are fed directly into query by string concatenation without escaping which may lead to sql injection. In addition, `order by` fields of `model.getAll(fields, orderby)` is not escaped and directly used in query which lead to blind sql injection. How to fix SQL Injection? There is no fixed version for `@azhou/basemodel`.	*

SQL Injection

@azhou/basemodel is a package.

Affected versions of this package are vulnerable to SQL Injection. All table names and fields arguments of all methods are fed directly into query by string concatenation without escaping which may lead to sql injection. In addition, order by fields of model.getAll(fields, orderby) is not escaped and directly used in query which lead to blind sql injection.

How to fix SQL Injection?

There is no fixed version for @azhou/basemodel.

Go back to all versions of this package