VYPR

Mysql Node Module

by Hackerone

CVEs (7)

  • CVE-2015-9244 | Cri | May 29, 2018
    risk 0.64 | cvss 9.8 | epss 0.02

    Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()`, which could lead to SQL injection.

  • CVE-2016-10664 | Hig | Jun 4, 2018
    risk 0.53 | cvss 8.1 | epss 0.02

    mystem is a Node.js wrapper for the MyStem morphology text analyzer by Yandex.ru. mystem downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker…

  • CVE-2016-10698 | Hig | May 29, 2018
    risk 0.53 | cvss 8.1 | epss 0.02

    mystem-fix is a Node.js wrapper for the MyStem morphology text analyzer by Yandex.ru. mystem-fix downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an…

  • CVE-2017-16059 | Hig | Jun 7, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16057 | Hig | Jun 7, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    nodemssql was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16047 | Hig | May 29, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2016-10626 | Hig | Jun 1, 2018
    risk 0.46 | cvss 8.1 | epss 0.02

    mystem3 is a Node.js wrapper for the Yandex MyStem 3. mystem3 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the…