OSV:GHSA-J9XP-92VC-559J (osv, Google)
History: Nov 06, 2019 - 5:11 p.m.

SQL Injection in sequelize

2019-11-06 17:11:10
Google
osv.dev
8

EPSS

0.002

Percentile

56.0%

Affected versions of sequelize are vulnerable to SQL Injection. The package fails to sanitize JSON path keys in the MariaDB and MySQL dialects, which may allow attackers to inject SQL statements and execute arbitrary SQL queries.

Recommendation

If you are using sequelize 5.x, upgrade to version 5.8.11 or later.
If you are using sequelize 4.x, upgrade to version 4.44.3 or later.
If you are using sequelize 3.x, upgrade to version 3.35.1 or later.
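
To act on the recommendation above, this added example (not part of the advisory or of sequelize) walks the `packages` map of an npm lockfile and flags every installed sequelize copy, nested ones included, that is older than the fixed release for its major line. The lockfile fragment is constructed and the function names are hypothetical; major lines the advisory text does not mention are reported as `not-covered`.

```javascript
// Added example: find sequelize copies in an npm lockfile (v2/v3) that predate the fix.
// First fixed release per major line, taken from the Recommendation section.
const FIXED = { 3: [3, 35, 1], 4: [4, 44, 3], 5: [5, 8, 11] };

// Parse "major.minor.patch"; a pre-release/build suffix is ignored,
// so "5.8.11-beta" is treated like "5.8.11".
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// Numeric comparison of two [major, minor, patch] triples.
function lessThan(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// "affected", "fixed", or "not-covered" (major line not named in the advisory text).
function classify(version) {
  const parsed = parseVersion(version);
  const fixed = FIXED[parsed[0]];
  if (!fixed) return "not-covered";
  return lessThan(parsed, fixed) ? "affected" : "fixed";
}

// Report every sequelize install, top-level or nested under another dependency.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/sequelize$/.test(path)) continue;
    const status = classify(meta.version);
    const upgradeTo = status === "affected"
      ? FIXED[parseVersion(meta.version)[0]].join(".") : null;
    findings.push({ path, version: meta.version, status, upgradeTo });
  }
  return findings;
}

// Constructed sample: one patched top-level copy, one older nested copy, one unrelated package.
const sampleLock = { packages: {
  "": { name: "demo-app" },
  "node_modules/sequelize": { version: "5.8.11" },
  "node_modules/legacy-admin/node_modules/sequelize": { version: "4.44.2" },
  "node_modules/sequelize-cli": { version: "5.5.1" },
} };
console.log(auditLockfile(sampleLock));
```

Nested copies matter here because a transitive dependency can pin an older sequelize even after the top-level one is upgraded.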
