CVE-2018-3754: SQL Injection

July 3, 2018 (updated September 4, 2018)

query-mysql is vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database.

References

nvd.nist.gov/vuln/detail/CVE-2018-3754

Code Behaviors & Features

Detect and mitigate CVE-2018-3754 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →