@keyv/mysql
Releases61
Frequency1 month 3 weeks
Last Release
MySQL/MariaDB storage adapter for Keyv
CVE History
| CVE | Affected | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|---|
| = 2.17.1 | — | 2.1 LOW | ||
An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default. | ||||
| <= 0.9.6, = 2.0.0 | 9.8 CRITICAL | 7.5 HIGH | ||
Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection. | ||||
| < 5.6.36 | — | 7.2 HIGH | ||
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link. | ||||