Mysql Node Module
by Hackerone
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-9244 | | Critical | 0.64 | 9.8 | 0.02 | | May 29, 2018 | Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection. |
| CVE-2016-10664 | | High | 0.53 | 8.1 | 0.02 | | Jun 4, 2018 | mystem is a Node.js wrapper for MyStem morphology text analyzer by Yandex.ru. mystem downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker… |
| CVE-2016-10698 | | High | 0.53 | 8.1 | 0.02 | | May 29, 2018 | mystem-fix is a node.js wrapper for MyStem morphology text analyzer by Yandex.ru. mystem-fix downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an… |
| CVE-2017-16059 | | High | 0.49 | 7.5 | 0.01 | | Jun 7, 2018 | mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16057 | | High | 0.49 | 7.5 | 0.01 | | Jun 7, 2018 | nodemssql was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16047 | | High | 0.49 | 7.5 | 0.01 | | May 29, 2018 | mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2016-10626 | | High | 0.46 | 8.1 | 0.02 | | Jun 1, 2018 | mystem3 is a NodeJS wrapper for the Yandex MyStem 3. mystem3 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the… |