GMS-2019-57: SQL Injection in sql

June 12, 2019 (updated August 4, 2021)

All versions of sql are vulnerable to sql injection as it does not properly escape parameters when building SQL queries. No fix is currently available for this vulnerability. It is our recommendation to not install or use this module until a fix is available.

References

github.com/advisories/GHSA-8f93-rv4p-x4jw
hackerone.com/reports/319465
nodesecurity.io/advisories/662
www.npmjs.com/advisories/662

Code Behaviors & Features

Detect and mitigate GMS-2019-57 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →