pg-promise@5.0.3 vulnerabilities
PostgreSQL interface for Node.js
-
latest version
11.10.2
-
latest non vulnerable version
-
first published
10 years ago
-
latest version published
21 days ago
-
licenses detected
- >=0.1.3
Direct Vulnerabilities
Known vulnerabilities in the pg-promise package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
pg-promise is a PostgreSQL interface for Node.js Affected versions of this package are vulnerable to SQL Injection when using the simple query mode. Since When a placeholder is directly preceded by a minus Note: To exploit this behavior and cause SQL Injection, the following conditions must be met by a parameterized query:
How to fix SQL Injection? Upgrade |
<11.5.5
|