Description

Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database.

Remediation

References

https://hackerone.com/reports/311244

Related Vulnerabilities

CVE-2023-29923 Vulnerability in maven package tech.powerjob:powerjob

CVE-2023-34464 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates

CVE-2022-31129 Vulnerability in maven package org.webjars.bower:moment

CVE-2019-20503 Vulnerability in maven package org.webjars.npm:electron

CVE-2023-43123 Vulnerability in maven package org.apache.storm:storm-server

Severity

Critical

Classification

CWE-89 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory