CVE-2019-15658 Information
Feb 14, 2021
cve
Description
connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Reference
https://github.com/voxpelli/node-connect-pg-simple/security/advisories/GHSA-xqh8-5j36-4556
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
LOW
Base Severity
7.3
Share on: