EPSS: 0.002 (Low)
Percentile: 51.9%
nodebatis is vulnerable to SQL injection. The getInsertSql function in sqlBuilder.js does not escape the key and tableName attributes, allowing an attacker to inject and execute malicious SQL queries.
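The class of bug described above, shown as an added example that is not nodebatis source code: an INSERT builder that concatenates the table name and object keys unescaped, next to a version that quotes every identifier. The function names, the sample row and the choice of MySQL-style backtick quoting are assumptions made for illustration.

```javascript
// Added illustration, not code from nodebatis. All names here are hypothetical.

// Unsafe pattern: table name and object keys are concatenated into the SQL as-is.
// Only the values are bound parameters, so identifiers can change the statement.
function buildInsertUnsafe(tableName, data) {
  const keys = Object.keys(data);
  const sql = 'insert into ' + tableName + ' (' + keys.join(',') +
    ') values (' + keys.map(() => '?').join(',') + ')';
  return { sql, params: keys.map((k) => data[k]) };
}

// MySQL-style identifier quoting (assumed dialect): wrap the name in backticks
// and double any embedded backtick so the name cannot close its own quoting.
function escapeId(name) {
  if (typeof name !== 'string' || name.length === 0 || name.includes('\0')) {
    throw new TypeError('invalid SQL identifier');
  }
  return '`' + name.replace(/`/g, '``') + '`';
}

// Hardened pattern: every identifier is quoted, every value is a bound parameter.
function buildInsertSafe(tableName, data) {
  const keys = Object.keys(data);
  if (keys.length === 0) throw new Error('no columns to insert');
  const sql = 'insert into ' + escapeId(tableName) + ' (' +
    keys.map(escapeId).join(',') + ') values (' +
    keys.map(() => '?').join(',') + ')';
  return { sql, params: keys.map((k) => data[k]) };
}

// Constructed input: a row object whose second key carries SQL syntax, as could
// happen when object keys are taken from a request body without validation.
const constructedRow = { name: 'alice', 'age) -- x': 30 };

// Unsafe: the key closes the column list and comments out the values clause.
console.log(buildInsertUnsafe('users', constructedRow).sql);
// Safe: the same key stays inside one quoted identifier; the database would
// reject it as an unknown column instead of parsing it as SQL.
console.log(buildInsertSafe('users', constructedRow).sql);
```

Quoting identifiers keeps a hostile key from altering the statement; where the set of tables and columns is known in advance, checking names against that allowlist before building the query is the stricter control.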
github.com/advisories/GHSA-8ph8-9q2j-c3rq
github.com/PeterMu/nodebatis/commit/6629ff5b7e3d62ad8319007a54589ec1f62c7c35
github.com/PeterMu/nodebatis/releases/tag/v2.2.0
vuldb.com/?ctiid.217554
vuldb.com/?id.217554