Summary
A SQL injection vulnerability was responsibly disclosed to this repository 30 days ago via GitHub Private Security Advisories (GHSA-mqrg-785q-hq3m). There has been no response from the maintainer, no CVE assignment, and no fix.
This issue is being opened to ensure users of @executeautomation/database-server are aware of the risk.
Vulnerability Details
Advisory ID: GHSA-mqrg-785q-hq3m
Severity: HIGH (CVSS 3.1 score: 8.8 — AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CWE: CWE-89 (SQL Injection)
Affected versions: @executeautomation/database-server ≤ 1.1.0 (latest)
Root Cause
In src/db/mysql-adapter.ts, the MySQL connection is created with multipleStatements: true hardcoded:
const connection = await mysql.createConnection({
  ...
  multipleStatements: true, // ← enables stacked query injection
});
The only guard against unauthorized write operations is a startsWith("SELECT") prefix check on the query string. This is trivially bypassed by stacking statements:
SELECT 1; DROP TABLE users; --
This passes the readQuery guard and executes both statements.
Impact
An attacker (or a malicious AI agent using this MCP server) can execute arbitrary SQL statements against the database, including DROP, INSERT, UPDATE, DELETE, or GRANT — regardless of the readQuery/writeQuery distinction the server intends to enforce.
Fix
- Remove multipleStatements: true from the MySQL connection config
- Use parameterized queries instead of raw string interpolation
- Enforce read-only access at the database user permission level, not in application code
Disclosure Timeline
- 2026-04-06: Vulnerability reported via GitHub Private Security Advisory (GHSA-mqrg-785q-hq3m)
- 2026-04-13: No response after 7 days — full disclosure sent to oss-security@openwall.com and security@npmjs.com
- 2026-04-13: GitHub Security ticket #143123 opened requesting maintainer escalation — GitHub confirmed they cannot force-publish private advisories
- 2026-05-06 (today): 30 days elapsed with zero maintainer engagement — opening this public issue per responsible disclosure best practices
This package has 1,000+ weekly npm downloads and is used in MCP-enabled AI agent setups where a connected AI could inadvertently or maliciously trigger this injection path.
Please patch this immediately or publish the advisory so Dependabot and npm audit can surface it to users.