sails-mysql@0.7.4 vulnerabilities

MySQL adapter for Sails.js

Direct Vulnerabilities

Known vulnerabilities in the sails-mysql package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
SQL Injection

sails-mysql is a MySQL connection adapter for the Sails framework.

Affected versions of this package are vulnerable to SQL Injection. sort keyword allows possible query injection, for example: http://localhost:1337/user?sort=name ASC

How to fix SQL Injection?

Upgrade sails-mysql to version 0.10.8 or higher.

<0.10.8