Linux Distros Unpatched Vulnerability : CVE-2019-14939

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the mysql aka mysqljs module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default. CVE-2019-14939 Note that Nessu...

MySQLjs SQL Injection Authentication Bypass

An SQL injection occurs when a value originating from the client's request is used within a SQL query without prior sanitisation. Typically, query escape functions or placeholders are known to prevent SQL injections. However, mysqljs/mysql is known to have different escape methods over different...

mysqljs is malware

The mysqljs package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security concern...

graph.generator20 (>=1.0.0 <=1.0.2) potentially affected by CVE-2017-16047 via mysqljs (=0.0.2-security)

mysqljs NPM version =0.0.2-security is affected by a known vulnerability. The following packages have a transitive dependency on mysqljs and may be impacted: - graph.generator20 =1.0.0, =1.0.2 Source cves: CVE-2017-16047 Source advisory: OSV:GHSA-8GV6-G7VP-HR34...

GHSA-8GV6-G7VP-HR34 mysqljs is malware

The mysqljs package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security concern...

CVE-2019-14939

An issue was discovered in the mysql aka mysqljs module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default...

CVE-2019-14939

An issue was discovered in the mysql aka mysqljs module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default...

Buffer overflow

An issue was discovered in the mysql aka mysqljs module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default...

CVE-2019-14939

CVE-2019-14939 affects the mysqljs/mYSQL module for Node.js (version 2.17.1). The issue is that the LOAD DATA LOCAL INFILE option is enabled by default, enabling potential exposure of data via local file loading. The CVSS3 vector indicates LOCAL attack vector, LOW complexity, with LOW privileges ...

Malicious JavaScript Package Detection

Detection and reporting of known malicious JavaScript packages or package versions. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

mysqljs Information Disclosure Vulnerability

mysqljs is a malware that steals environment variables and sends them to an attacker. A security vulnerability exists in mysqljs. The vulnerability can be exploited by an attacker to steal environment variables and send them to an address under the attacker's control...

Code injection

mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

CVE-2017-16047

CVE-2017-16047 corresponds to the mysqljs npm package, which is described across multiple sources as malware that steals environment variables and exfiltrates them to attacker-controlled locations. The core issue is that the package behaved as a malicious module, and all versions have been unpubl...