CVE-2015-9244

描述

Versions of `mysql` prior to 2.0.0-alpha8 are affected by a SQL Injection vulnerability in the `mysql.escape()` function, which does not properly escape object keys. ## Recommendation Update to version 2.0.0-alpha8 or later.

受影響套件(2)

• Debian/node-mysqlfrom 0, < 2.0.0~alpha8-1
• npm/mysqlfrom 0, < 2.0.0-alpha8

CVSS 分數

參考連結(4)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-9244
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-9244
• WEBhttps://github.com/felixge/node-mysql/issues/342
• WEBhttps://www.npmjs.com/advisories/66