Description
The sample in the Auth0 docs for IBM DB2 is not using a parameterized SQL Query. If anyone uses this snippet of code, they would be vulnerable to SQL Injection.
https://auth0.com/docs/authenticate/database-connections/db2-script
https://github.com/auth0/docs/blob/master/articles/connections/database/db2-script.md?plain=1
The sample should instead use a parameterized query: https://github.com/ibmdb/node-ibm_db/blob/master/APIDocumentation.md#-3-querysqlquery--bindingparameters-callback
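
To illustrate the difference the issue describes, here is an added example; it is not code from the issue, the Auth0 docs or ibm_db. It uses a constructed recording stub in place of a real connection, mirroring the `query(sqlQuery, bindingParameters, callback)` shape linked above, and the table and column names are hypothetical.

```javascript
// Constructed stand-in for an ibm_db connection: it runs no SQL and only
// records what the driver would receive via conn.query(sql, params, cb).
function makeRecordingConn() {
  const calls = [];
  return {
    calls,
    query(sql, params, cb) {
      if (typeof params === 'function') { cb = params; params = []; }
      calls.push({ sql, params });
      cb(null, []);
    },
  };
}

// Pattern the issue warns about: caller input becomes part of the SQL text.
// Table and column names are hypothetical.
function findUserConcat(conn, email, cb) {
  conn.query("SELECT ID, EMAIL, PASSWORD FROM USERS WHERE EMAIL = '" + email + "'", cb);
}

// Parameterized form: fixed SQL text with a ? marker, value passed separately.
const FIND_USER_SQL = 'SELECT ID, EMAIL, PASSWORD FROM USERS WHERE EMAIL = ?';
function findUserBound(conn, email, cb) {
  if (typeof email !== 'string') return cb(new Error('email must be a string'));
  conn.query(FIND_USER_SQL, [email], cb);
}

// Run a lookup function over several inputs and return what reached the driver.
function capture(findUser, inputs) {
  const conn = makeRecordingConn();
  for (const input of inputs) findUser(conn, input, () => {});
  return conn.calls;
}

// Constructed inputs: a normal address and one containing quote characters.
const SAMPLE_INPUTS = ['alice@example.com', "x' OR '1'='1"];

// Number of different SQL texts the driver was asked to run.
function distinctStatements(calls) {
  return new Set(calls.map((c) => c.sql)).size;
}

for (const [name, fn] of [['concat', findUserConcat], ['bound', findUserBound]]) {
  const calls = capture(fn, SAMPLE_INPUTS);
  console.log(name, 'distinct SQL texts:', distinctStatements(calls));
  for (const c of calls) console.log('  ', JSON.stringify(c));
}
```

With concatenation, each input produces a different statement; with binding, the statement text is constant and the input only ever appears in the parameter array.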