Description
SQL injection vulnerability in the model.increment and model.decrement functions in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter.
Remediation
References
https://github.com/thinkjs/thinkjs
https://blog.jiguang.xyz/posts/thinkjs-sql-injection/