CVE-2021-4290: Update passport.js · maboehm/fallstudie@5c13c6a
A vulnerability was found in DHBW Fallstudie. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file app/config/passport.js of the component Login. Manipulating the argument id/email leads to SQL injection. The name of the patch is 5c13c6a972ef4c07c5f35b417916e0598af9e123. It is recommended to apply the patch to fix this issue. The associated identifier of this vulnerability is VDB-216907.
@@ -25,7 +25,7 @@ module.exports = function (passport) {
// used to deserialize the user
passport.deserializeUser(function (id, done) {
connection.query("select * from users where id = " + id, function (err, rows) {
connection.query("select * from users where id = ?", [id], function (err, rows) {
done(err, rows[0]);
});
});
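Review bot: `done(err, rows[0])` indexes `rows` even when the query reported an error, so a failed lookup during deserialization would likely throw on an undefined `rows` instead of handing the error to passport. Guard it the way the other two callbacks in this commit do, with `if (err) { return done(err); }` placed ahead of the `done(err, rows[0])` call.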
@@ -46,7 +46,7 @@ module.exports = function (passport) {
function (req, email, password, done) {
// find a user whose email is the same as the forms email
// we are checking to see if the user trying to login already exists
connection.query(“select * from users where email = '” + email + "’", function (err, rows) {
connection.query(“select * from users where email = ?” + [email], function (err, rows) {
if (err) {return done(err);}
if (rows.length) {
req.signUpMessage = 'Diese e-Mail ist bei uns bereits registriert’;
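Review bot: The replacement query in this hunk still builds SQL from the input: `"select * from users where email = ?" + [email]` coerces the array to a string and appends it to the statement, so the `?` is never bound and this lookup keeps the injection the commit is meant to close. Pass the values as a separate argument, as the deserializeUser and login hunks do: `connection.query("select * from users where email = ?", [email], function (err, rows) {`. The typographic quotes on these lines are presumably a rendering artefact of the page; confirm the file itself uses plain quotes. The callback body continues past the end of the hunk.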
@@ -84,7 +84,7 @@ module.exports = function (passport) {
passReqToCallback: true // allows us to pass back the entire request to the callback
},
function (req, email, password, done) { // callback with email and password from our form
connection.query(“SELECT * FROM `users` WHERE `email` = '” + email + "’", function (err, rows) {
connection.query("SELECT * FROM `users` WHERE `email` = ?", [email], function (err, rows) {
if (err) {return done(err);}
if (!rows.length) {