Vulnerabilities > Nozbe

DATE CVE VULNERABILITY TITLE RISK
2020-06-03 CVE-2020-4035 SQL Injection vulnerability in Nozbe Watermelondb 0.16.0/0.16.1
In WatermelonDB (NPM package "@nozbe/watermelondb") before versions 0.15.1 and 0.16.2, a maliciously crafted record ID can exploit a SQL Injection vulnerability in iOS adapter implementation and cause the app to delete all or selected records from the database, generally causing the app to become unusable.
network
low complexity
nozbe CWE-89
5.5