Do your applications use this vulnerable package?
Test your applications
Overview
mysql2csv
is Export table to .csv using conditions and key.
Affected versions of the package are vulnerable to Arbitrary File Write.
Thanks to Liang Gong for disclosing this vulnerability!
Remediation
There is no fix version for mysql2csv
.
References
CVSS Score
7.3
high severity
-
Attack VectorNetwork
-
Attack ComplexityLow
-
Privileges RequiredNone
-
User InteractionNone
-
ScopeUnchanged
-
ConfidentialityLow
-
IntegrityLow
-
AvailabilityLow
- Credit
- Liang Gong
- CWE
- CWE-626
- Snyk ID
- npm:mysql2csv:20170510
- Disclosed
- 19 May, 2017
- Published
- 07 Jun, 2017