- Fixed
sql.identifier(),sql.as()escaping issues. Previously all the values passed to this functions were not properly escaped
causing a possible SQL Injection (CWE-89) vulnerability
Thanks to @EthanKim88, @0x90sh and @wgoodall01 for reaching out to us with a reproduction and suggested fix
Contributors
wgoodall01, 0x90sh, and EthanKim88