GMS-2020-475: SQL Injection in resquel

September 11, 2020 (updated September 28, 2021)

All versions of resquel are vulnerable to SQL Injection. Query parameters are not properly sanitized, allowing attackers to inject SQL statements and execute arbitrary SQL queries No fix is currently available. Consider using an alternative package until a fix is made available.

References

github.com/advisories/GHSA-crpm-fm48-chj7
www.npmjs.com/advisories/963

Code Behaviors & Features

Detect and mitigate GMS-2020-475 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →