loopback-connector-oracle@1.1.3 vulnerabilities

Loopback Oracle Connector

Direct Vulnerabilities

Known vulnerabilities in the loopback-connector-oracle package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
SQL Injection

loopback-connector-oracle is Loopback Oracle Connector. Affected versions of the package are vulnerable to SQL injection attacks. User-supplied inputs are not properly sanitized before using it in SQL queries. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

How to fix SQL Injection?

Upgrade loopback-connector-oracle to version 1.5.0 or higher.

<1.5.0