Description
Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database.
Remediation
References
https://hackerone.com/reports/311244
Related Vulnerabilities
CVE-2023-36479 Vulnerability in maven package org.eclipse.jetty.ee8:jetty-ee8-servlets
CVE-2019-12086 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2021-21175 Vulnerability in npm package electron
CVE-2023-30528 Vulnerability in maven package org.jenkins-ci.plugins:wso2id-oauth
CVE-2021-21266 Vulnerability in maven package org.openhab.addons.bundles:org.openhab.binding.sonos