13 matches found
EUVD-2019-0274
Malware in sbrugna...
GHSA-MPCX-8QQW-RMCQ SQL Injection in waterline-sequel
Withdrawn: Duplicate of GHSA-cgpp-wm2h-6hqx...
SQL Injection in waterline-sequel
Withdrawn: Duplicate of GHSA-cgpp-wm2h-6hqx...
collectortoqueue (>=1.2.10 <=1.2.26), gladys (>=2.1.5 <=2.1.9) +13 more potentially affected by CVE-2016-10551 via waterline-sequel (>=0.0.21 <=0.4.0)
waterline-sequel NPM version =0.0.21, =1.2.10, =2.1.5, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.1.0, =0.0.1, =0.10.1, =0.0.1, =0.10.1, =0.7.3, =1.0.0-alpha.0, =0.1.0, =0.4.8 Source cves: CVE-2016-10551 Source advisory: OSV:GHSA-CGPP-WM2H-6HQX...
GHSA-CGPP-WM2H-6HQX SQL Injection in waterline-sequel
Affected versions of waterline-sequel are vulnerable to SQL injection in cases where user input is passed into the like, contains, startsWith, or endsWith methods. Recommendation: Upgrade to at least version 0.5.1...
SQL Injection in waterline-sequel
Affected versions of waterline-sequel are vulnerable to SQL injection in cases where user input is passed into the like, contains, startsWith, or endsWith methods. Recommendation: Upgrade to at least version 0.5.1...
waterline-sequel SQL Injection Vulnerability
waterline-sequel is a helper library for generating SQL queries from the Waterline query language. A security vulnerability exists in waterline-sequel version 0.50. An attacker can exploit this vulnerability to inject and execute SQL statements to gain full access to the database...
CVE-2016-10551
waterline-sequel is a module that helps generate SQL statements for Waterline apps. Any user input that goes into Waterline's like, contains, startsWith, or endsWith will end up in waterline-sequel with the potential for malicious code. A malicious user can input their own SQL statements in...
CVE-2016-10551
waterline-sequel is a module that helps generate SQL statements for Waterline apps. Any user input that goes into Waterline's like, contains, startsWith, or endsWith will end up in waterline-sequel with the potential for malicious code. A malicious user can input their own SQL statements in...
Hardcoded credentials
waterline-sequel is a module that helps generate SQL statements for Waterline apps. Any user input that goes into Waterline's like, contains, startsWith, or endsWith will end up in waterline-sequel with the potential for malicious code. A malicious user can input their own SQL statements in...
CVE-2016-10551
waterline-sequel is a module that helps generate SQL statements for Waterline apps. Any user input that goes into Waterline's like, contains, startsWith, or endsWith will end up in waterline-sequel with the potential for malicious code. A malicious user can input their own SQL statements in...
CVE-2016-10551
Affected component: waterline-sequel. Vulnerability: SQL injection when user input is passed into waterline-sequel’s like, contains, startsWith, or endsWith paths, allowing an attacker to inject and execute arbitrary SQL with full DB access. Root cause (as described): input reaching waterline-seq...
SQL Injection
Overview: Affected versions of waterline-sequel are vulnerable to SQL injection in cases where user input is passed into the like, contains, startsWith, or endsWith methods. Recommendation: Upgrade to at least version 0.5.1. References: Issue 1219, PR 66, GitHub Advisory...