Description
Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database.
Remediation
References
https://hackerone.com/reports/311244
Related Vulnerabilities
CVE-2022-39381 Vulnerability in npm package muhammara
CVE-2019-10792 Vulnerability in npm package bodymen
CVE-2023-37754 Vulnerability in maven package tech.powerjob:powerjob-common
CVE-2018-3720 Vulnerability in npm package assign-deep
CVE-2023-33202 Vulnerability in maven package org.bouncycastle:bc-fips-debug