Affected versions of sequelize
are vulnerable to SQL Injection. The package fails to sanitize JSON path keys in the MariaDB and MySQL dialects, which may allow attackers to inject SQL statements and execute arbitrary SQL queries.
If you are using sequelize
5.x, upgrade to version 5.8.11 or later.
If you are using sequelize
4.x, upgrade to version 4.44.3 or later.
If you are using sequelize
3.x, upgrade to version 3.35.1 or later.