VYPR

npm package

mysql

pkg:npm/mysql

Vulnerabilities (2)

  • CVE-2019-14939Aug 12, 2019
    affected >= 2.17.1, < 2.18.0fixed 2.18.0

    An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default.

  • CVE-2015-9244CriMay 29, 2018
    affected < 2.0.0-alpha8fixed 2.0.0-alpha8

    Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection.