EPSS
Percentile
95.8%
node-postgres is vulnerable to remote code execution (RCE) attacks. The library does not properly escape the results field, allowing a malicious user to inject and execute arbitrary code.
github.com/brianc/node-postgres/commit/48543bfad08d8be9e1fadacafdaf4405556ee556
github.com/brianc/node-postgres/issues/1408
node-postgres.com/announcements#2017-08-12-code-execution-vulnerability
nodesecurity.io/advisories/521