Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2019-10-17T18:12:43

Updated: 2024-08-04T22:32:01.546Z

Reserved: 2019-04-03T00:00:00

Link: CVE-2019-10752

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-10-17T19:15:10.420

Modified: 2024-11-21T04:19:51.137

Link: CVE-2019-10752

cve-icon Redhat

No data.