Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4NXgtNDltbS12bWh3

SQL Injection in sails-mysql

Versions of sails-mysql prior to 0.10.8 are vulnerable to SQL Injection. The `sort` keyword is not properly sanitized, which may allow attackers to inject SQL statements and execute arbitrary SQL queries.

Recommendation

Upgrade to version 0.10.8 or later.

Permalink: https://github.com/advisories/GHSA-hx5x-49mm-vmhw
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4NXgtNDltbS12bWh3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 3 years ago
Updated: over 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-hx5x-49mm-vmhw
References: Repository: https://github.com/balderdashy/sails
Blast Radius: 22.9

Affected Packages

npm:sails-mysql
Dependent packages: 72
Dependent repositories: 1,144
Downloads: 24,266 last month
Affected Version Ranges: < 0.10.8
Fixed in: 0.10.8
All affected versions: 0.6.0, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.7.6, 0.7.7, 0.7.8, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.9.7, 0.9.8, 0.9.9, 0.9.10, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7
All unaffected versions: 0.10.8, 0.10.9, 0.10.10, 0.10.11, 0.10.12, 0.11.0, 0.11.1, 0.11.2, 0.11.3, 0.11.4, 0.11.5, 0.12.0, 0.12.1, 0.12.2, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 2.0.0, 3.0.0, 3.0.1