Advisories for Npm/Loopback-Connector-Postgresql package

2022

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Improper input validation on the contains LoopBack filter may allow for arbitrary SQL injection. When the extended filter property contains is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data stored on the connected database. A patch was released in version 5.5.1. This affects users who does any of the following: - Connect to the …

Duplicate of ./npm/loopback-connector-postgresql/CVE-2022-35942.yml

Improper input validation on the contains LoopBack filter may allow for arbitrary SQL injection. Impact When the extended filter property contains is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data stored on the connected database. This affects users who does any of the following: Connect to the database via the DataSource with allowExtendedProperties: true …