Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhxOGctcXE1Ny01Mjc1
SQL Injection in untitled-model
All versions of untitled-model
re vulnerable to SQL Injection. Query parameters are not properly sanitized allowing attackers to inject SQL statements and execute arbitrary SQL queries.
Recommendation
No fix is currently available. Consider using an alternative package until a fix is made available.
Permalink: https://github.com/advisories/GHSA-hq8g-qq57-5275JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhxOGctcXE1Ny01Mjc1
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 4 years ago
Updated: almost 2 years ago
Identifiers: GHSA-hq8g-qq57-5275
References:
- https://hackerone.com/reports/507222
- https://www.npmjs.com/advisories/989
- https://github.com/advisories/GHSA-hq8g-qq57-5275
Affected Packages
npm:untitled-model
Dependent packages: 1Dependent repositories: 1
Downloads: 10 last month
Affected Version Ranges: >= 0
No known fixed version
All affected versions: 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5