CVE-2018-3754

Name of the Vulnerable Software and Affected Versions query-mysql versions 0.0.0 through 0.0.2 query-mysql (all versions)

Description The issue is related to a lack of user input sanitization, which may allow an attacker to run arbitrary SQL queries when fetching data from the database. This is due to an SQL injection vulnerability.

Recommendations For versions 0.0.0 through 0.0.2, consider avoiding the use of this module if user input is passed into it, as no fix is currently available for this vulnerability. For all versions, it is recommended to not install or use this module if user input is passed into it, due to the lack of a fix for the SQL injection vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.