0.001 Low
EPSS
Percentile
35.0%
connect-pg-simple is vulnerable to SQL injection. SQL queries with schemaName or tableName are not sanitized, allowing an attacker to inject and execute malicious SQL.
schemaName
tableName
github.com/voxpelli/node-connect-pg-simple/commit/ad9bf56cfd30567cef9856de81013235a6053576
github.com/voxpelli/node-connect-pg-simple/commit/df61c9507f804ba72803e4f567c3cbcfa0a9d7e1
github.com/voxpelli/node-connect-pg-simple/security/advisories/GHSA-xqh8-5j36-4556