13 matches found
EUVD-2019-0274
Malware in sbrugna...
SQL Injection in waterline-sequel
Withdrawn: Duplicate of GHSA-cgpp-wm2h-6hqx...
GHSA-MPCX-8QQW-RMCQ SQL Injection in waterline-sequel
Withdrawn: Duplicate of GHSA-cgpp-wm2h-6hqx...
collectortoqueue (>=1.2.10 <=1.2.26), gladys (>=2.1.5 <=2.1.9) +13 more potentially affected by CVE-2016-10551 via waterline-sequel (>=0.0.21 <=0.4.0)
waterline-sequel NPM version =0.0.21, =1.2.10, =2.1.5, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.1.0, =0.0.1, =0.10.1, =0.0.1, =0.10.1, =0.7.3, =1.0.0-alpha.0, =0.1.0, =0.4.8 Source cves: CVE-2016-10551 Source advisory: OSV:GHSA-CGPP-WM2H-6HQX...
SQL Injection in waterline-sequel
Affected versions of waterline-sequel are vulnerable to SQL injection in cases where user input is passed into the like, contains, startsWith, or endsWith methods. Recommendation: Upgrade to at least version 0.5.1...
GHSA-CGPP-WM2H-6HQX SQL Injection in waterline-sequel
Affected versions of waterline-sequel are vulnerable to SQL injection in cases where user input is passed into the like, contains, startsWith, or endsWith methods. Recommendation: Upgrade to at least version 0.5.1...
waterline-sequel SQL Injection Vulnerability
waterline-sequel is a helper library for generating SQL queries from the Waterline query language. A security vulnerability exists in waterline-sequel version 0.50. An attacker can exploit this vulnerability to inject and execute SQL statements to gain full access to the database...
CVE-2016-10551
waterline-sequel is a module that helps generate SQL statements for Waterline apps. Any user input that goes into Waterline's like, contains, startsWith, or endsWith will end up in waterline-sequel with the potential for malicious code. A malicious user can input their own SQL statements in...
Hardcoded credentials
waterline-sequel is a module that helps generate SQL statements for Waterline apps. Any user input that goes into Waterline's like, contains, startsWith, or endsWith will end up in waterline-sequel with the potential for malicious code. A malicious user can input their own SQL statements in...
CVE-2016-10551
waterline-sequel is a module that helps generate SQL statements for Waterline apps. Any user input that goes into Waterline's like, contains, startsWith, or endsWith will end up in waterline-sequel with the potential for malicious code. A malicious user can input their own SQL statements in...
CVE-2016-10551
Affected component: waterline-sequel. Vulnerability: SQL injection when user input is passed into waterline-sequel’s like, contains, startsWith, or endsWith paths, allowing an attacker to inject and execute arbitrary SQL with full DB access. Root cause (as described): input reaching waterline-seq...
CVE-2016-10551
waterline-sequel is a module that helps generate SQL statements for Waterline apps. Any user input that goes into Waterline's like, contains, startsWith, or endsWith will end up in waterline-sequel with the potential for malicious code. A malicious user can input their own SQL statements in...
SQL Injection
Overview: Affected versions of waterline-sequel are vulnerable to SQL injection in cases where user input is passed into the like, contains, startsWith, or endsWith methods. Recommendation: Upgrade to at least version 0.5.1. References: Issue 1219; PR 66; GitHub Advisory...