CVE-2015-9244

moderate-risk
Published 2018-05-29

Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection.

Do I need to act?

-
0.94% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (7)

Mysql
Mysql
Mysql
Mysql
Mysql
Mysql
Mysql

Affected Vendors

Mysqljs

References (4)

Exploit https://github.com/felixge/node-mysql/issues/342
Third Party Advisory https://nodesecurity.io/advisories/66
Exploit https://github.com/felixge/node-mysql/issues/342
Third Party Advisory https://nodesecurity.io/advisories/66
49
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 3/34 · Minimal
Exposure 14/34 · Moderate