AI Score
Confidence
Low
EPSS
Percentile
61.1%
Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite.
github.com/sequelize/sequelize/commit/9bd0bc1%2C
github.com/sequelize/sequelize/commit/9bd0bc111b6f502223edf7e902680f7cc2ed541e
snyk.io/vuln/SNYK-JS-SEQUELIZE-459751
snyk.io/vuln/SNYK-JS-SEQUELIZE-459751%2C