3 matches found
@saltcorn/cli (>=1.0.0 <=1.4.5), @saltcorn/mobile-builder (>=1.0.0 <=1.4.5) potentially affected by CVE-2026-41478 via @saltcorn/mobile-app (>=1.0.0-beta.1 <=1.4.5)
@saltcorn/mobile-app NPM version =1.0.0-beta.1, =1.0.0, =1.0.0, =1.4.5 Source cves: CVE-2026-41478 Source advisory: SNYK:JS-SALTCORNMOBILEAPP-16110990...
@saltcorn/cli (>=1.6.0-alpha.0 <=1.6.0-beta.14), @saltcorn/mobile-builder (>=1.6.0-alpha.0 <=1.6.0-beta.14) potentially affected by CVE-2026-41478 via @saltcorn/mobile-app (>=1.6.0-alpha.0 <=1.6.0-beta.4)
@saltcorn/mobile-app NPM version =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-beta.14 Source cves: CVE-2026-41478 Source advisory: SNYK:JS-SALTCORNMOBILEAPP-16110990...
SQL Injection
Overview @saltcorn/mobile-app is a Saltcorn mobile app for Android and iOS Affected versions of this package are vulnerable to SQL Injection via the getSyncRows and getDelRows functions. An attacker can execute arbitrary SQL commands, exfiltrate sensitive data, modify or delete database contents,...