GHSA-crpm-fm48-chj7

Source
https://github.com/advisories/GHSA-crpm-fm48-chj7
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-crpm-fm48-chj7/GHSA-crpm-fm48-chj7.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-crpm-fm48-chj7
Published
2020-09-11T21:13:44Z
Modified
2020-08-31T18:42:11Z
Summary
SQL Injection in resquel
Details

All versions of resquel are vulnerable to SQL Injection. Query parameters are not properly sanitized, allowing attackers to inject SQL statements and execute arbitrary SQL queries.

Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.

Database specific
{
    "cwe_ids": [
        "CWE-89"
    ],
    "github_reviewed_at": "2020-08-31T18:42:11Z",
    "github_reviewed": true,
    "severity": "HIGH",
    "nvd_published_at": null
}
References

Affected packages

npm / resquel

Package

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-crpm-fm48-chj7/GHSA-crpm-fm48-chj7.json"