Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThmOTMtcnY0cC14NGp3
SQL Injection in sql
All versions of sql are vulnerable to SQL injection, as the package does not properly escape parameters when building SQL queries.
Recommendation
No fix is currently available for this vulnerability. It is our recommendation to not install or use this module until a fix is available.
Permalink: https://github.com/advisories/GHSA-8f93-rv4p-x4jw
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThmOTMtcnY0cC14NGp3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 5 years ago
Updated: over 1 year ago
Identifiers: GHSA-8f93-rv4p-x4jw
References:
- https://hackerone.com/reports/319465
- https://www.npmjs.com/advisories/662
- https://github.com/advisories/GHSA-8f93-rv4p-x4jw
Affected Packages
npm:sql
Dependent packages: 104
Dependent repositories: 1,338
Downloads: 48,482 last month
Affected Version Ranges: <= 0.78.0
No known fixed version
All affected versions: 0.0.1, 0.0.2, 0.0.4, 0.0.5, 0.1.0, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.3.0, 0.4.0, 0.5.0, 0.6.0, 0.7.0, 0.7.1, 0.8.0, 0.8.1, 0.8.2, 0.9.0, 0.10.0, 0.11.0, 0.12.0, 0.13.0, 0.14.0, 0.15.0, 0.16.0, 0.17.0, 0.18.0, 0.19.0, 0.20.0, 0.21.0, 0.22.0, 0.23.0, 0.24.0, 0.25.0, 0.26.0, 0.28.0, 0.29.0, 0.30.0, 0.31.0, 0.32.0, 0.33.0, 0.34.0, 0.35.0, 0.36.0, 0.37.0, 0.38.0, 0.39.0, 0.40.0, 0.41.0, 0.42.0, 0.43.0, 0.43.1, 0.43.2, 0.44.0, 0.45.0, 0.45.1, 0.45.2, 0.45.3, 0.46.0, 0.47.0, 0.48.0, 0.49.0, 0.50.0, 0.51.0, 0.52.0, 0.54.0, 0.55.0, 0.56.0, 0.57.0, 0.58.0, 0.59.0, 0.60.0, 0.61.0, 0.62.0, 0.63.0, 0.63.1, 0.64.0, 0.64.1, 0.65.0, 0.66.0, 0.67.0, 0.68.0, 0.69.0, 0.70.0, 0.70.1, 0.71.0, 0.72.0, 0.73.0, 0.74.0, 0.75.0, 0.76.0, 0.76.1, 0.77.0, 0.78.0