loopback-connector-mysql@1.4.4 vulnerabilities

MySQL connector for loopback-datasource-juggler

  • latest version

    7.0.17

  • latest non vulnerable version

  • first published

    11 years ago

  • latest version published

    9 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the loopback-connector-mysql package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    SQL Injection

    loopback-connector-mysql is Loopback Oracle Connector. Affected versions of the package are vulnerable to SQL injection attacks. User-supplied inputs are not properly sanitized before using it in SQL queries. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

    How to fix SQL Injection?

    Upgrade loopback-connector-mysql to version 1.5.0 or higher.

    <1.5.0