4 matches found
CVE-2019-15658
connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data...
CVE-2019-15658
connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data...
CVE-2019-15658
The CVE-2019-15658 entry concerns the npm package connect-pg-simple (PostgreSQL session store). Affected versions prior to 6.0.1 are vulnerable to SQL injection when tableName or schemaName are untrusted inputs. The root cause is in PGStore.prototype.quotedTable, which uses those variables to bui...
CVE-2019-15658
connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data...