Description
Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection.
Remediation
References
https://nodesecurity.io/advisories/66
https://github.com/felixge/node-mysql/issues/342
Related Vulnerabilities
CVE-2021-41183 Vulnerability in maven package org.webjars.npm:jquery-ui
CVE-2023-40344 Vulnerability in maven package org.jenkins-ci.plugins:delphix
CVE-2019-9737 Vulnerability in maven package org.webjars.bower:editor.md
CVE-2021-33604 Vulnerability in maven package com.vaadin:flow-server
CVE-2022-43441 Vulnerability in maven package org.webjars.npm:sqlite3