CVE-2015-9244

UNKNOWN

Published 2018-05-29T20:00:00Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2015-9244. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

HackerOne

mysql node module

Affected Versions:

<=v2.0.0-alpha7

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

SQL Injection in mysql

GHSA-fvq6-55gv-jx9f

Advisory Details

Versions of `mysql` prior to 2.0.0-alpha8 are affected by a SQL Injection vulnerability in the `mysql.escape()` function, which does not properly escape object keys. ## Recommendation Update to version 2.0.0-alpha8 or later.

Affected Packages

npm mysql

ECOSYSTEM: ≥0 <2.0.0-alpha8

CVSS Scoring

CVSS Score

5.0

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-9244

WEB https://github.com/felixge/node-mysql/issues/342

WEB https://www.npmjs.com/advisories/66

Advisory provided by GitHub Security Advisory Database. Published: September 1, 2020, Modified: August 31, 2020

References

https://github.com/felixge/node-mysql/issues/342

https://nodesecurity.io/advisories/66

Published: 2018-05-29T20:00:00Z

Last Modified: 2024-09-16T16:48:28.663Z

Copied to clipboard!

CVE-2015-9244

Expert Analysis

Description

Available Exploits

Related News

Affected Products

mysql node module

Affected Versions:

GitHub Security Advisories

SQL Injection in mysql

Advisory Details

Affected Packages

CVSS Scoring

CVSS Score

References

References

Request Analysis

What to expect

Request Received!