loopback-connector-postgresql@1.1.0 vulnerabilities

Loopback PostgreSQL Connector

  • latest version

    8.0.3

  • latest non vulnerable version

  • first published

    11 years ago

  • latest version published

    23 hours ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the loopback-connector-postgresql package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • C
    SQL Injection

    loopback-connector-postgresql is a loopback PostgreSQL connector.

    Affected versions of this package are vulnerable to SQL Injection via the contains loopback filter handled in lib/postgresql.js. This vulnerability is exploitable if the package is used in any of the following ways:

    • Connecting to the database via the DataSource with allowExtendedProperties: true enabled
    • Using the connector's CRUD methods directly
    • Using the connector's other methods to interpret the LoopBack filter

    How to fix SQL Injection?

    Upgrade loopback-connector-postgresql to version 5.5.1 or higher.

    Vulnerable versions: <5.5.1
    • M
    SQL Injection

    loopback-connector-postgresql is the Loopback PostgreSQL Connector. Affected versions of the package are vulnerable to SQL injection attacks: user-supplied input is not properly sanitized before it is used in SQL queries. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

    How to fix SQL Injection?

    Upgrade loopback-connector-postgresql to version 1.3.0 or higher.

    Vulnerable versions: <1.3.0