4.5.2
10 years ago
2 months ago
Known vulnerabilities in the alasql package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
alasql is a package that lets you use SQL to select and filter JavaScript data, including relational joins and search in nested objects (JSON), and to export to and import from Excel and CSV. Affected versions of this package are vulnerable to Arbitrary Code Injection. AlaSQL doesn't restrict characters in square brackets ( POC How to fix Arbitrary Code Injection? Upgrade | <0.7.0 |