geckon01/anything-llm
1
0
Fork 0
mirror of https://github.com/Mintplex-Labs/anything-llm.git synced 2026-06-15 23:20:32 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
732eac6fa89f43288bbb65ecc6298ebcd96b7aeb
anything-llm/server/utils
History
Timothy Carambat 334ce052f0 Fix SQL injection in SQL Agent plugin via parameterized queries 
Replace string concatenation with parameterized queries in all database
connectors to prevent SQL injection through LLM-generated table names.

Changes:
- PostgreSQL: Use $1, $2 placeholders with pg client parameterization
- MySQL: Use ? placeholders with mysql2 execute() prepared statements
- MSSQL: Use @p0 placeholders with request.input() parameterization
- Update handlers to support parameterized query objects
- Add formatQueryForDisplay() for logging parameterized queries

Security: Mitigates potential SQL injection when LLM passes unsanitized
user input as table_name parameter to getTableSchemaSql/getTablesSql.
GHSA-jwjx-mw2p-5wc7
2026-03-12 21:56:57 -07:00
..
agentFlows
Native Tool calling (#5071)
2026-02-26 13:37:56 -08:00
agents
Fix SQL injection in SQL Agent plugin via parameterized queries
2026-03-12 21:56:57 -07:00
AiProviders
Remove use_mlock from Ollama to solve WARN logs in ollama 0.17
2026-03-10 09:08:05 -07:00
BackgroundWorkers
Workspace Chat with documents overhaul (#4261)
2025-08-11 09:26:19 -07:00
boot
Web push notifications (#4942)
2026-02-02 10:56:58 -08:00
chats
Implement v2 chat layout designs (#5074)
2026-03-10 12:50:19 -07:00
collectorApi
add longer HTTP ttl on forward extension requests
2025-11-20 23:00:18 -08:00
comKey
[BETA] Live document sync (#1719)
2024-06-21 13:38:50 -07:00
database
Prune telemetry events
2025-04-29 13:54:00 -07:00
DocumentManager
Enable ability to do full-text query on documents (#758)
2024-02-21 13:15:45 -08:00
EmbeddingEngines
Add custom fetch to embedder for Ollama (#5180)
2026-03-09 11:47:00 -07:00
EmbeddingRerankers/native
chore: add ESLint to /server (#5126)
2026-03-05 16:32:45 -08:00
EncryptionManager
[BETA] Live document sync (#1719)
2024-06-21 13:38:50 -07:00
files
chore: add ESLint to /server (#5126)
2026-03-05 16:32:45 -08:00
helpers
Fix: Azure OpenAI model key collision (#5092)
2026-03-05 17:12:08 -08:00
http
chore: add ESLint to /server (#5126)
2026-03-05 16:32:45 -08:00
logger
patch logger for full logs
2024-07-19 18:35:41 -07:00
MCP
chore: add ESLint to /server (#5126)
2026-03-05 16:32:45 -08:00
middleware
chore: add ESLint to /server (#5126)
2026-03-05 16:32:45 -08:00
PasswordRecovery
Merge commit from fork
2026-01-02 15:50:50 -08:00
prisma
Fix Typos in Comments and Documentation (#3987)
2025-06-12 13:59:38 -07:00
PushNotifications
Web push notifications (#4942)
2026-02-02 10:56:58 -08:00
telemetry
Prune telemetry events
2025-04-29 13:54:00 -07:00
TextSplitter
Native Embedder model selection (incl: Multilingual support) (#3835)
2025-07-22 10:07:20 -07:00
TextToSpeech
chore: add ESLint to /server (#5126)
2026-03-05 16:32:45 -08:00
vectorDbProviders
chore: add ESLint to /server (#5126)
2026-03-05 16:32:45 -08:00
vectorStore
PGvector vector database support (#3788)
2025-05-09 12:27:11 -07:00