@nocobase/plugin-collection-sql@2.0.36

Provides SQL collection template

  • latest version

    2.0.51

  • latest non vulnerable version

  • first published

    1 year ago

  • latest version published

    14 hours ago

  • licenses detected

    • >=2.0.3 <2.1.0-alpha.1; >=2.1.0-alpha.6 <2.1.0-beta.1; >=2.1.0-beta.5
  • Direct Vulnerabilities

    Known vulnerabilities in the @nocobase/plugin-collection-sql package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    SQL Injection

    @nocobase/plugin-collection-sql is a package that provides a SQL collection template.

    Affected versions of this package are vulnerable to SQL Injection through the update handler in the collection SQL resource. An attacker can submit a malicious sql value while updating a SQL-backed collection and have it accepted without validation. This lets the attacker store dangerous SQL in the collection definition, putting the application at risk of unauthorized database access and exposure of sensitive data when the collection is later used.

    How to fix SQL Injection?

    Upgrade @nocobase/plugin-collection-sql to version 2.0.39 or higher.

    Vulnerable versions: <2.0.39