loopback-connector-mssql@1.2.0 vulnerabilities

Microsoft SQL Server connector for LoopBack

Direct Vulnerabilities

Known vulnerabilities in the loopback-connector-mssql package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
SQL Injection

loopback-connector-mssql is Loopback Microsoft SQL Server Connector. Affected versions of the package are vulnerable to SQL injection attacks. User-supplied inputs are not properly sanitized before using it in SQL queries. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

How to fix SQL Injection?

Upgrade loopback-connector-mssql to version 1.3.0 or higher.

<1.3.0