Description
Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection.
Remediation
References
https://github.com/felixge/node-mysql/issues/342
https://nodesecurity.io/advisories/66
Related Vulnerabilities
CVE-2022-39299 Vulnerability in npm package passport-saml
CVE-2023-37944 Vulnerability in maven package org.datadog.jenkins.plugins:datadog
CVE-2021-41862 Vulnerability in maven package com.googlecode.aviator:aviator
CVE-2021-32817 Vulnerability in npm package express-hbs
CVE-2022-36007 Vulnerability in maven package com.github.jlangch:venice