4.6.6
11 years ago
6 months ago
Known vulnerabilities in the alasql package. This does not include vulnerabilities belonging to this package’s dependencies.
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for free| Vulnerability | Vulnerable Version | 
|---|---|
| 
 alasql is an Use SQL to select and filter javascript data - including relational joins and search in nested objects (JSON). Export to and import from Excel and CSV Affected versions of this package are vulnerable to Arbitrary Code Injection. AlaSQL doesn't restrict characters in square brackets ( POCHow to fix Arbitrary Code Injection? Upgrade  | <0.7.0 |