GMS-2020-543: SQL Injection in untitled-model

September 11, 2020 (updated September 28, 2021)

All versions of untitled-model re vulnerable to SQL Injection. Query parameters are not properly sanitized allowing attackers to inject SQL statements and execute arbitrary SQL queries. No fix is currently available. Consider using an alternative package until a fix is made available.

References

github.com/advisories/GHSA-hq8g-qq57-5275
hackerone.com/reports/507222
www.npmjs.com/advisories/989

Code Behaviors & Features

Detect and mitigate GMS-2020-543 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →