CVE-2017-16047
https://notcve.org/view.php?id=CVE-2017-16047
mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. mysqljs era un módulo malicioso publicado para secuestrar variables de entorno. Ha sido retirado por npm. • https://nodesecurity.io/advisories/494 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-506: Embedded Malicious Code •
CVE-2015-9244
https://notcve.org/view.php?id=CVE-2015-9244
Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection. Las claves de objetos en el módulo mysql node en versiones v2.0.0-alpha7 y anteriores no se escapan con "mysql.escape()", lo que podría conducir a una inyección SQL. • https://github.com/felixge/node-mysql/issues/342 https://nodesecurity.io/advisories/66 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •