Description
Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database.
Remediation
References
https://hackerone.com/reports/311244
Related Vulnerabilities
CVE-2019-10786 Vulnerability in npm package network-manager
CVE-2022-29257 Vulnerability in npm package electron
CVE-2018-5653 Vulnerability in maven package org.apache.cayenne.modeler:cayenne-modeler
CVE-2021-35517 Vulnerability in maven package org.apache.commons:commons-compress
CVE-2023-32007 Vulnerability in maven package org.apache.spark:spark-core_2.12