SQL Injection Affecting mysql package, versions [2.0.0-alpha,2.0.0-alpha8)
Attack Complexity: Low
Confidentiality: High
snyk-id: SNYK-DOTNET-MYSQL-60192
published: 27 Dec 2016
disclosed: 27 Dec 2016
credit: Sébastian Dejonghe
Introduced: 27 Dec 2016
CWE-89
How to fix?
Upgrade mysql to version v2.0.0-alpha8 or higher.
Overview
mysql is a node.js driver for mysql.
Affected versions of this package do not properly escape column identifiers with mysql.escape(), which can result in a SQL injection vulnerability.
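Why identifiers need their own escaping, shown as an added example that is not code from the mysql package or from this advisory: a value escaper produces a quoted string literal, while a column name must be backtick-quoted and, ideally, checked against an allowlist. The helpers `quoteValue`, `quoteIdentifier` and `buildSelect`, and the column list, are hypothetical.

```javascript
// Added illustration; these helpers are hypothetical and are not the
// mysql driver's own functions.

// Value context (simplified for the example): wrap in single quotes and
// backslash-escape embedded quotes and backslashes.
function quoteValue(v) {
  return "'" + String(v).replace(/[\\']/g, "\\$&") + "'";
}

// Identifier context: wrap in backticks and double any embedded backtick,
// so the name cannot terminate its own quoting.
function quoteIdentifier(name) {
  if (typeof name !== "string" || name.length === 0 || name.includes("\0")) {
    throw new TypeError("invalid identifier");
  }
  return "`" + name.replace(/`/g, "``") + "`";
}

// Constructed schema: only these columns may appear in a query.
const ALLOWED_COLUMNS = new Set(["id", "email", "created_at"]);

// Builds a SELECT where column names come from the caller.
// `table` is assumed to be a constant chosen by application code.
function buildSelect(table, columns, whereColumn, whereValue) {
  for (const c of [...columns, whereColumn]) {
    if (!ALLOWED_COLUMNS.has(c)) throw new Error("column not allowed: " + c);
  }
  const cols = columns.map(quoteIdentifier).join(", ");
  return "SELECT " + cols + " FROM " + quoteIdentifier(table) +
         " WHERE " + quoteIdentifier(whereColumn) + " = " + quoteValue(whereValue);
}

// Constructed input: a name containing a backtick.
// Value escaping leaves the backtick untouched and yields a string
// literal, not a column reference; identifier escaping doubles it.
console.log(quoteValue("na`me"));       // value context
console.log(quoteIdentifier("na`me"));  // identifier context
console.log(buildSelect("users", ["id", "email"], "email", "o'brien@example.com"));
```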