CVE-2015-9244

CVE-2015-9244

EPSS 2.4%CWE-89

Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection.

Affected products

HackerOne · mysql node module

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/felixge/node-mysql/issues/342 https://nodesecurity.io/advisories/66