2018-05-29 20:00:00
hackerone
PUBLISHED
Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection.