Fix SQL injection vulnerabilities in authentication and product queries #90
29 new issues (0 max.) of at least severity.
Annotations
Check failure on line 52 in package-lock.json
codacy-production / Codacy Static Code Analysis
package-lock.json#L52
Insecure dependency npm/body-parser@1.13.3 (CVE-2024-45590: body-parser: Denial of Service Vulnerability in body-parser) (update to 1.20.3)
Check notice on line 137 in package-lock.json
Insecure dependency npm/debug@2.2.0 (CVE-2017-16137: nodejs-debug: Regular expression Denial of Service) (update to 2.6.9)
Check failure on line 137 in package-lock.json
Insecure dependency npm/debug@2.2.0 (CVE-2017-20165: A vulnerability classified as problematic has been found in debug-js d ...) (update to 2.6.9)
Check failure on line 167 in package-lock.json
Insecure dependency npm/ejs@2.7.4 (CVE-2022-29078: ejs: server-side template injection in outputFunctionName) (update to 3.1.7)
Check warning on line 167 in package-lock.json
Insecure dependency npm/ejs@2.7.4 (CVE-2024-33883: The ejs (aka Embedded JavaScript templates) package before 3.1.10 for ...) (update to 3.1.10)
Check warning on line 188 in package-lock.json
Insecure dependency npm/ejs@0.8.8 (CVE-2017-1000188: nodejs-ejs: Cross-site scripting via ejs.renderFile()) (update to 2.5.5)
Check failure on line 188 in package-lock.json
Insecure dependency npm/ejs@0.8.8 (CVE-2017-1000228: nodejs ejs versions older than 2.5.3 is vulnerable to remote code exec ...) (update to 2.5.5)
Check notice on line 209 in package-lock.json
Insecure dependency npm/express@4.13.4 (CVE-2024-43796: express: Improper Input Handling in Express Redirects) (update to 4.20.0)
Check notice on line 303 in package-lock.json
Insecure dependency npm/cookie@0.1.5 (CVE-2024-47764: cookie: cookie accepts cookie name, path, and domain with out of bounds characters) (update to 0.7.0)
Check failure on line 345 in package-lock.json
Insecure dependency npm/fresh@0.3.0 (CVE-2017-16119: nodejs-fresh: Regular expression denial of service when parsing crafted user input) (update to 0.5.2)
Check warning on line 406 in package-lock.json
Insecure dependency npm/log4js@0.6.38 (CVE-2022-21704: log4js-node is a port of log4js to node.js. In affected versions defau ...) (update to 6.4.0)
Check failure on line 454 in package-lock.json
Insecure dependency npm/mime@1.3.4 (CVE-2017-16138: nodejs-mime: Regular expression Denial of Service) (update to 1.4.1)
Check failure on line 483 in package-lock.json
Insecure dependency npm/morgan@1.6.1 (CVE-2019-5413: nodejs-morgan: Unescaped input in compile() function) (update to 1.9.1)
Check warning on line 483 in package-lock.json
Insecure dependency npm/morgan@1.6.1 (NSWG-ECO-473: Arbitrary Code Injection) (update to >=1.9.1)
Check notice on line 499 in package-lock.json
Insecure dependency npm/on-headers@1.0.2 (CVE-2025-7339: on-headers: on-headers vulnerable to http response header manipulation) (update to 1.1.0)
Check warning on line 508 in package-lock.json
Insecure dependency npm/ms@0.7.1 (CVE-2017-20162: Vercel ms Inefficient Regular Expression Complexity vulnerability) (update to 2.0.0)
Check failure on line 513 in package-lock.json
Insecure dependency npm/negotiator@0.5.3 (CVE-2016-10539: negotiator is an HTTP content negotiator for Node.js and is used by ma ...) (update to 0.6.1)
Check failure on line 564 in package-lock.json
Insecure dependency npm/pg@5.1.0 (CVE-2017-16082: A remote code execution vulnerability was found within the pg module w ...) (update to 5.2.1)
Check failure on line 637 in package-lock.json
Insecure dependency npm/semver@4.3.2 (CVE-2022-25883: nodejs-semver: Regular expression denial of service) (update to 5.7.2)
Check failure on line 707 in package-lock.json
Insecure dependency npm/qs@4.0.0 (CVE-2017-1000048: nodejs-qs: Prototype override protection bypass) (update to 6.0.4)
Check failure on line 792 in package-lock.json
Insecure dependency npm/semver@4.3.6 (CVE-2022-25883: nodejs-semver: Regular expression denial of service) (update to 5.7.2)
Check notice on line 801 in package-lock.json
Insecure dependency npm/send@0.13.1 (CVE-2024-43799: send: Code Execution Vulnerability in Send Library) (update to 0.19.0)
Check warning on line 854 in package-lock.json
Insecure dependency npm/ms@0.7.2 (CVE-2017-20162: Vercel ms Inefficient Regular Expression Complexity vulnerability) (update to 2.0.0)
Check notice on line 860 in package-lock.json
Insecure dependency npm/serve-static@1.10.3 (CVE-2024-43800: serve-static: Improper Sanitization in serve-static) (update to 1.16.0)
Check notice on line 883 in package-lock.json
Insecure dependency npm/send@0.13.2 (CVE-2024-43799: send: Code Execution Vulnerability in Send Library) (update to 0.19.0)