CVE-2015-9244: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

September 1, 2020 (updated January 7, 2021)

Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with mysql.escape() which could lead to SQL Injection.

References

github.com/advisories/GHSA-fvq6-55gv-jx9f
github.com/felixge/node-mysql/issues/342
nodesecurity.io/advisories/66
nvd.nist.gov/vuln/detail/CVE-2015-9244
www.npmjs.com/advisories/66

Detect and mitigate CVE-2015-9244 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →