We found a severe security hole in the sql-injection library for Node

It’s in this library: https://www.npmjs.com/package/sql-injection
It allows an attacker to run SELECT queries on the entire database. It seems like it’s a bug in the regular expressions that filter the SQL injection.

We opened a Jira case but never got a response:
https://github.com/socialradar/sql-injection/issues/new
