4 matches found
SQL Injection
loopback-connector-postgresql is vulnerable to SQL injection attacks. The vulnerability exists in the `buildExpression` function in `postgresql.js` because user-provided input for the `contains` LoopBack filter is not properly sanitized, which allows an attacker to inject and execute arbitrary SQL command...
@maksym.khudyakov/feature-signup (>=1.0.0-alpha <=1.0.6-alpha), @maksym.khudyakov/feature-todo (>=1.0.0-alpha <=1.0.25-alpha) +20 more potentially affected by CVE-2022-35942 via loopback-connector-postgresql (>=2.4.1 <=3.9.1)
loopback-connector-postgresql NPM version =2.4.1, =1.0.0-alpha, =1.0.0-alpha, =1.0.1, =1.0.0, =1.0.12, =1.0.12, =0.0.13, =0.0.17, =1.0.0, =0.0.2, =0.0.1, =1.0.0, =1.0.1 and more. Source CVEs: CVE-2022-35942. Source advisory: OSV:GHSA-J259-6C58-9M58...
GHSA-J259-6C58-9M58 loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter
Improper input validation on the `contains` LoopBack filter may allow for arbitrary SQL injection. Impact: When the extended filter property `contains` is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of...
SQL Injection
loopback-connector-postgresql is vulnerable to SQL injection attacks. This is because user-supplied inputs are not properly sanitized before being used in SQL queries, allowing a remote attacker to inject or manipulate SQL queries in the back-end database...