SQL Injection Affecting mysql package, versions >=2.0.0-alpha <2.0.0-alpha8


0.0
high

Snyk CVSS

    Attack Complexity Low
    Confidentiality High

    Threat Intelligence

    EPSS 0.26% (65th percentile)
NVD
9.8 critical

  • Snyk ID npm:mysql:20151228
  • published 5 Jan 2016
  • disclosed 28 Dec 2015
  • credit Sébastian Dejonghe

How to fix?

Upgrade mysql to version 2.0.0-alpha8 or higher.

Overview

mysql is a Node.js driver for MySQL. Affected versions of this package do not properly escape column identifiers with mysql.escape(), which can result in a SQL injection vulnerability.
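
The class of bug described above, as an added example that is not code from the mysql package or from this advisory: a backtick-quoted column name is only safe if embedded backticks are doubled, and request-derived column names are best checked against an allowlist first. The helper names, the sample input and the column list are assumptions made for illustration.

```javascript
// Added example: illustrative helpers, not the mysql package's implementation.
'use strict';

// Weak form: wraps the name in backticks but leaves embedded backticks alone,
// so a name containing ` ends the quoted identifier early.
function quoteIdentifierNaive(name) {
  return '`' + name + '`';
}

// Hardened form: MySQL reads a doubled backtick inside a quoted identifier
// as a literal backtick, so doubling keeps the whole value inside the quotes.
function quoteIdentifier(name) {
  if (typeof name !== 'string' || name.length === 0 || name.includes('\0')) {
    throw new TypeError('identifier must be a non-empty string without NUL');
  }
  return '`' + name.replace(/`/g, '``') + '`';
}

// True when `sql` is exactly one backtick-quoted identifier and nothing else.
function isSingleQuotedIdentifier(sql) {
  return /^`(?:[^`]|``)+`$/.test(sql);
}

// Preferred for request-derived column names: accept only known columns.
const SORTABLE_COLUMNS = new Set(['id', 'name', 'created_at']); // hypothetical schema

function buildOrderBy(column) {
  if (!SORTABLE_COLUMNS.has(column)) {
    throw new RangeError('unsupported sort column');
  }
  return 'ORDER BY ' + quoteIdentifier(column);
}

// Constructed input: a column name with an embedded backtick.
const sample = 'na`me';
const naive = quoteIdentifierNaive(sample);
const hardened = quoteIdentifier(sample);
console.log(naive, isSingleQuotedIdentifier(naive));
console.log(hardened, isSingleQuotedIdentifier(hardened));
console.log(buildOrderBy('created_at'));
```
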