mysql

SQL Injection

Severity: moderate

Overview

Versions of mysql prior to 2.0.0-alpha8 are affected by a SQL Injection vulnerability in the mysql.escape() function, which does not properly escape object keys.

Remediation

Update to version 2.0.0-alpha8 or later.
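The class of bug described in the Overview, sketched as an added example that is not the mysql module's own code: when an object is expanded into key/value pairs, escaping only the values leaves the keys free to break identifier quoting. The function names, the column allowlist and the sample request body are constructed for illustration, and the weak form is an assumed model of the behaviour the advisory describes.

```javascript
// Simplified stand-ins written for this example; not the mysql module's source.

// Escape a string value for a single-quoted SQL literal (simplified).
function escapeValue(v) {
  return "'" + String(v).replace(/[\\']/g, '\\$&') + "'";
}

// Quote an identifier: wrap in backticks and double any embedded backtick.
function escapeId(name) {
  return '`' + String(name).replace(/`/g, '``') + '`';
}

// Weak form: values are escaped, but keys are concatenated as-is.
function pairsWeak(obj) {
  return Object.keys(obj)
    .map((k) => '`' + k + '` = ' + escapeValue(obj[k]))
    .join(', ');
}

// Hardened form: keys must be on a column allowlist and are quoted as identifiers.
function pairsSafe(obj, allowedColumns) {
  return Object.keys(obj)
    .map((k) => {
      if (!allowedColumns.includes(k)) {
        throw new Error('unexpected column name: ' + JSON.stringify(k));
      }
      return escapeId(k) + ' = ' + escapeValue(obj[k]);
    })
    .join(', ');
}

// Constructed sample: a parsed request body whose key contains a backtick.
const body = JSON.parse('{"na`me": "it\'s"}');

// Weak form: the stray backtick ends the identifier early (three backticks, unbalanced).
console.log(pairsWeak(body));

// Identifier quoting keeps the whole key inside one identifier.
console.log(escapeId('na`me'));

// Hardened form: the key is not a known column, so the input is rejected.
try {
  pairsSafe(body, ['name', 'email']);
} catch (e) {
  console.log(e.message);
}
```

Values and identifiers need different escaping rules, and an allowlist of known column names catches unexpected keys before any quoting is relied on.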

Vulnerable versions

0.1.0 (8 years ago)
0.2.0 (8 years ago)
0.3.0 (8 years ago)
0.4.0 (8 years ago)
0.5.0 (8 years ago)
0.6.0 (8 years ago)
0.7.0 (8 years ago)
0.8.0 (8 years ago)
0.9.0 (8 years ago)
0.9.1 (7 years ago)
0.9.2 (7 years ago)
0.9.3 (7 years ago)
0.9.4 (7 years ago)
0.9.5 (7 years ago)
0.9.6 (6 years ago)
2.0.0-alpha (6 years ago)
2.0.0-alpha2 (6 years ago)
2.0.0-alpha3 (6 years ago)
2.0.0-alpha4 (6 years ago)
2.0.0-alpha5 (6 years ago)
2.0.0-alpha6 (6 years ago)
2.0.0-alpha7 (6 years ago)

Unaffected versions

2.0.0-preview (6 years ago)
2.0.0-alpha8 (5 years ago)
2.0.0-alpha9 (5 years ago)
2.0.0-rc1 (5 years ago)
2.0.0-rc2 (5 years ago)
2.0.0 (5 years ago)
2.0.1 (5 years ago)
2.1.0 (4 years ago)
2.1.1 (4 years ago)
2.2.0 (4 years ago)
2.3.0 (4 years ago)
2.3.1 (4 years ago)
2.3.2 (4 years ago)
2.4.0 (4 years ago)
2.4.1 (4 years ago)
2.4.2 (4 years ago)
2.4.3 (4 years ago)
2.5.0 (4 years ago)
2.5.1 (4 years ago)
2.5.2 (4 years ago)
2.5.3 (4 years ago)
2.5.4 (4 years ago)
2.5.5 (3 years ago)
2.6.0 (3 years ago)
2.6.1 (3 years ago)
2.6.2 (3 years ago)
2.7.0 (3 years ago)
2.8.0 (3 years ago)
2.9.0 (3 years ago)
2.10.0 (3 years ago)
2.10.1 (3 years ago)
2.10.2 (3 years ago)
2.11.0 (2 years ago)
2.11.1 (2 years ago)
2.12.0 (2 years ago)
2.13.0 (2 years ago)
2.14.0 (a year ago)
2.14.1 (a year ago)
2.15.0 (10 months ago)
2.16.0 (a month ago)

Advisory timeline

  1. Published: Advisory published, Dec 28th, 2015
  2. Reported: Initial report by Sébastian Dejonghe, Dec 28th, 2015