loopback-connector-postgresql@1.1.4 vulnerabilities

Loopback PostgreSQL Connector

Direct Vulnerabilities

Known vulnerabilities in the loopback-connector-postgresql package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • C
SQL Injection

loopback-connector-postgresql is a loopback PostgreSQL connector.

Affected versions of this package are vulnerable to SQL Injection via the contains loopback filter handled in lib/postgresql.js. This vulnerability is exploitable if the package is used in any of the following ways:

  • Connecting to the database via the DataSource with allowExtendedProperties: true enabled
  • Using the connector's CRUD methods directly
  • Using the connector's other methods to interpret the LoopBack filter

How to fix SQL Injection?

Upgrade loopback-connector-postgresql to version 5.5.1 or higher.

<5.5.1
  • M
SQL Injection

loopback-connector-postgresql is Loopback PostgreSQL Connector. Affected versions of the package are vulnerable to SQL injection attacks. User-supplied inputs are not properly sanitized before using it in SQL queries. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

How to fix SQL Injection?

Upgrade loopback-connector-postgresql to version 1.3.0 or higher.

<1.3.0