GHSA-59xv-588h-2vmm: @saltcorn/data vulnerable to SQL Injection via jsexprToSQL Literal Handler
The jsexprToSQL() function in Saltcorn converts JavaScript expressions to SQL for use in database constraints. The Literal handler wraps string values in single quotes without escaping embedded single quotes, allowing SQL injection when creating Formula-type table constraints.