Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with mysql.escape()
which could lead to SQL Injection.
CPE | Name | Operator | Version |
---|---|---|---|
mysql | le | 0.9.6 | |
mysql | eq | 2.0.0 alpha | |
mysql | eq | 2.0.0 alpha2 | |
mysql | eq | 2.0.0 alpha3 | |
mysql | eq | 2.0.0 alpha4 | |
mysql | eq | 2.0.0 alpha7 | |
mysql | eq | 2.0.0 preview |