Pg · Connect-Pg-Simple · CVE-2019-15658
**Name of the Vulnerable Software and Affected Versions**
connect-pg-simple versions prior to 6.0.1
**Description**
connect-pg-simple allows SQL injection if the `tableName` or `schemaName` option is untrusted data. This can occur when an unsanitized table name input is used.
**Recommendations**
For versions prior to 6.0.1, upgrade to version 6.0.1 to resolve the issue.
As a temporary workaround for versions that cannot be upgraded, sanitize and escape the `tableName` and `schemaName` options before passing them to the constructor. Remove that escaping when upgrading to 6.0.1 or later to avoid double escaping.
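
One way to apply the workaround on an install that cannot yet be upgraded, as an added example that is not code from connect-pg-simple. The helper names `sanitizePgIdentifier` and `hardenStoreOptions` are hypothetical, and the escaping assumes the affected versions place the name inside double quotes in their SQL.

```javascript
// Added example, not connect-pg-simple code. Assumption: the affected
// versions place the name inside double quotes in their SQL, so an embedded
// double quote must be doubled, as in PostgreSQL quoted identifiers.
const MAX_IDENTIFIER_BYTES = 63; // PostgreSQL default limit (NAMEDATALEN - 1)

// Hypothetical helper: validate one identifier, then escape it.
function sanitizePgIdentifier(value, label) {
  if (typeof value !== 'string' || value.length === 0) {
    throw new TypeError(`${label} must be a non-empty string`);
  }
  if (value.includes('\0')) {
    throw new RangeError(`${label} must not contain a NUL byte`);
  }
  // Length is checked on the unescaped name, which is what PostgreSQL stores.
  if (Buffer.byteLength(value, 'utf8') > MAX_IDENTIFIER_BYTES) {
    throw new RangeError(`${label} exceeds ${MAX_IDENTIFIER_BYTES} bytes`);
  }
  return value.replace(/"/g, '""');
}

// Hypothetical helper: copy the options, replacing only the two affected keys.
function hardenStoreOptions(options) {
  const hardened = { ...options };
  for (const key of ['tableName', 'schemaName']) {
    if (hardened[key] !== undefined && hardened[key] !== null) {
      hardened[key] = sanitizePgIdentifier(hardened[key], key);
    }
  }
  return hardened;
}

// Constructed sample input; the embedded double quote stands in for untrusted data.
const sampleOptions = { tableName: 'user"sessions', schemaName: 'tenant_a', ttl: 3600 };
const hardenedSample = hardenStoreOptions(sampleOptions);
console.log(hardenedSample);

// Usage on a pre-6.0.1 install (not executed here):
//   const PgStore = require('connect-pg-simple')(session);
//   const store = new PgStore(hardenStoreOptions(untrustedOptions));
```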