Description
Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database.
Remediation
References
https://hackerone.com/reports/311244
Related Vulnerabilities
CVE-2016-10735 Vulnerability in maven package org.webjars.npm:bootstrap
CVE-2023-34612 Vulnerability in maven package com.helger.commons:ph-json
CVE-2017-5941 Vulnerability in npm package node-serialize
CVE-2020-23256 Vulnerability in npm package electerm
CVE-2023-3163 Vulnerability in maven package com.ruoyi:ruoyi-common