Description
The third-party Node.js module query-mysql, versions 0.0.0, 0.0.1, and 0.0.2, is vulnerable to SQL injection because it does not sanitize user input. This may allow an attacker to run arbitrary SQL queries when data is fetched from the database.
Remediation
References
https://hackerone.com/reports/311244