What the vulnerability does

01Description

Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection.

Key dates

02Disclosure timeline

May 29, 2018 CVE published
September 16, 2024 Record updated