EPSS Percentile: 56.0%
sequelize is vulnerable to SQL injection attacks. The attacks are possible because the library does not properly escape a user-provided JSON path key when the MariaDB dialects are used, in query-generator.js.
github.com/sequelize/sequelize/commit/a72a3f5
github.com/sequelize/sequelize/pull/11089