sonatype-2019-0547
The SqlKata package is vulnerable to SQL Injection. The ChangeToSqlValue function in QueryBuilder.dll does not escape single quotes (') in user-supplied input, which is used to construct and execute SQL queries. A remote attacker can exploit this behavior by supplying specially-crafted input, allowing them to alter the SQL query in order to exfiltrate or modify data in an affected database.
Has this been fixed? I can't see anything in the issues log, and I can attempt a fix if not.
We scanned our code base and this issue came up
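An added illustration of the bug class the advisory text above describes, not code from SqlKata or from this issue: `RenderUnsafe`, `RenderEscaped` and `IsSingleLiteral` are hypothetical names and the sample values are constructed. It shows how an unescaped single quote ends a string literal early, and gives a check that could serve as a regression test for a fix, assuming standard SQL literal rules where a quote inside a literal is written twice.

```csharp
using System;

static class LiteralRenderingDemo
{
    // Hypothetical stand-in for a renderer that wraps the value in quotes as-is.
    static string RenderUnsafe(string value) => "'" + value + "'";

    // Standard SQL escaping: a single quote inside a literal is doubled.
    // Assumption: the target database does not also treat backslash as an escape.
    static string RenderEscaped(string value) => "'" + value.Replace("'", "''") + "'";

    // True only when `sql` is exactly one well-formed string literal, i.e. the
    // rendered value cannot spill out of its quotes into the surrounding query.
    static bool IsSingleLiteral(string sql)
    {
        if (sql.Length < 2 || sql[0] != '\'') return false;
        int i = 1;
        while (i < sql.Length)
        {
            if (sql[i] == '\'')
            {
                // A doubled quote is an escaped quote: skip both characters.
                if (i + 1 < sql.Length && sql[i + 1] == '\'') { i += 2; continue; }
                // Otherwise this quote closes the literal and must be the last character.
                return i == sql.Length - 1;
            }
            i++;
        }
        return false; // the literal was never closed
    }

    static void Main()
    {
        // Constructed sample values, including an ordinary surname with an apostrophe.
        foreach (var value in new[] { "Smith", "O'Brien", "'", "" })
        {
            string unsafeSql = RenderUnsafe(value);
            string escapedSql = RenderEscaped(value);
            Console.WriteLine($"value={value,-8} unsafe={unsafeSql,-10} contained={IsSingleLiteral(unsafeSql),-5} " +
                              $"escaped={escapedSql,-11} contained={IsSingleLiteral(escapedSql)}");
        }
    }
}
```

Escaping is the narrow fix for literal rendering; passing values as bound parameters avoids building literals from user input at all.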