Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database.
References
Link | Resource |
---|---|
https://hackerone.com/reports/311244 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hackerone
Published: 2018-05-24T00:00:00
Updated: 2018-07-03T20:57:01
Reserved: 2017-12-28T00:00:00
Link: CVE-2018-3754
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-07-03T21:29:00.793
Modified: 2018-09-04T13:17:48.100
Link: CVE-2018-3754
JSON object: View
Redhat Information
No data.
CWE