EUVD-2020-0454

Malware in sbrugna...

WatermelonDB SQL Injection Vulnerability

WatermelonDB is the next generation React database for building powerful React and React Native applications that can scale from hundreds to tens of thousands of records while remaining fast. A SQL injection vulnerability in WatermelonDB versions prior to 0.15.1 and prior to 0.16.2, which stems...

firemelon (>=0.0.5 <=0.0.7) potentially affected by CVE-2020-4035 via @nozbe/watermelondb (=0.14.1)

@nozbe/watermelondb NPM version =0.14.1 is affected by a known vulnerability. The following packages have a transitive dependency on @nozbe/watermelondb and may be impacted: - firemelon =0.0.5, =0.0.7 Source cves: CVE-2020-4035 Source advisory: OSV:GHSA-38F9-M297-6Q9G...

DoS via malicious record IDs in WatermelonDB

Impact Medium severity 5.9 https://www.first.org/cvss/calculator/3.0CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H A maliciously crafted record ID can exploit a SQL Injection vulnerability in iOS adapter implementation and cause the app to delete all or selected records from the database, generally...

CVE-2020-4035

In WatermelonDB NPM package "@nozbe/watermelondb" before versions 0.15.1 and 0.16.2, a maliciously crafted record ID can exploit a SQL Injection vulnerability in iOS adapter implementation and cause the app to delete all or selected records from the database, generally causing the app to become...

CVE-2020-4035

In WatermelonDB NPM package "@nozbe/watermelondb" before versions 0.15.1 and 0.16.2, a maliciously crafted record ID can exploit a SQL Injection vulnerability in iOS adapter implementation and cause the app to delete all or selected records from the database, generally causing the app to become...

Sql injection

In WatermelonDB NPM package "@nozbe/watermelondb" before versions 0.15.1 and 0.16.2, a maliciously crafted record ID can exploit a SQL Injection vulnerability in iOS adapter implementation and cause the app to delete all or selected records from the database, generally causing the app to become...

CVE-2020-4035 DoS or local data modification via malicious record IDs in WatermelonDB

In WatermelonDB NPM package "@nozbe/watermelondb" before versions 0.15.1 and 0.16.2, a maliciously crafted record ID can exploit a SQL Injection vulnerability in iOS adapter implementation and cause the app to delete all or selected records from the database, generally causing the app to become...

CVE-2020-4035

Summary: WatermelonDB (package "@nozbe/watermelondb") before versions 0.15.1 and 0.16.2 is affected by a SQL Injection vulnerability in the iOS adapter that can, via a maliciously crafted record ID, delete all or selected records and render the app unusable. What is affected: WatermelonDB with vu...