PT-2023-18545 · Unknown+1 · Mysql Server+2

Published: 2023-01-13 · Updated: 2023-01-13 · CVE-2023-22494

Severity: None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions

a12nserver versions prior to 0.23.0

Description

The issue affects users of a12nserver who use MySQL, making them potentially vulnerable to SQL injection bugs. This could allow an attacker to obtain OAuth2 Access Tokens for unrelated users. The knex dependency has been updated to version 2.4.0 in a12nserver version 0.23.0 to address this issue.

Recommendations

For versions prior to 0.23.0, update to version 0.23.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the MySQL database to minimize the risk of exploitation.

Related Identifiers

CVE-2023-22494

Affected Products

MySQL Server
a12nserver
Knex