5 lines
298 B
Markdown
5 lines
298 B
Markdown
- Fixed `sql.identifier()`, `sql.as()` escaping issues. Previously all the values passed to this functions were not properly escaped
|
|
causing a possible SQL Injection (CWE-89) vulnerability
|
|
|
|
Thanks to @EthanKim88, @0x90sh and @wgoodall01 for reaching out to us with a reproduction and suggested fix
|