EPSS
Percentile
57.0%
sequelize is vulnerable to sql injection attacks. The attacks are possible because the library does not escape the JSON path key provided by the user using postgres dialects in query-generator.js.
query-generator.js
github.com/sequelize/sequelize/commit/ee4017379db0059566ecb5424274ad4e2d66bc68
github.com/sequelize/sequelize/pull/11088