Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
SQL Injection in sails-mysql
Versions of sails-mysql prior to 0.10.8 are vulnerable to SQL Injection. The sort keyword is not properly sanitized and may allow attackers to inject SQL statements and execute arbitrary SQL queries.
Recommendation
Upgrade to version 0.10.8 or later.
Permalink: https://github.com/advisories/GHSA-hx5x-49mm-vmhw
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4NXgtNDltbS12bWh3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 3 years ago
Updated: 9 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-hx5x-49mm-vmhw
References:
- https://github.com/balderdashy/sails/issues/6679
- https://snyk.io/vuln/SNYK-JS-SAILSMYSQL-174916
- https://www.npmjs.com/advisories/950
- https://github.com/advisories/GHSA-hx5x-49mm-vmhw
Affected Packages
npm:sails-mysql
Versions: < 0.10.8
Fixed in: 0.10.8