npm package
mysql
pkg:npm/mysql
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-14939 | — | >= 2.17.1, < 2.18.0 | 2.18.0 | Aug 12, 2019 | An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default. | ||
| CVE-2015-9244 | Cri | 9.8 | < 2.0.0-alpha8 | 2.0.0-alpha8 | May 29, 2018 | Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection. |
- CVE-2019-14939Aug 12, 2019affected >= 2.17.1, < 2.18.0fixed 2.18.0
An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default.
- affected < 2.0.0-alpha8fixed 2.0.0-alpha8
Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection.