Description
Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2019-0706 | Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite. |
Github GHSA |
GHSA-m9jw-237r-gvfv | SQL Injection in sequelize |
References
History
No history.
Status: PUBLISHED
Assigner: snyk
Published:
Updated: 2024-08-04T22:32:01.546Z
Reserved: 2019-04-03T00:00:00.000Z
Link: CVE-2019-10752
No data.
Status : Modified
Published: 2019-10-17T19:15:10.420
Modified: 2026-06-17T02:11:36.227
Link: CVE-2019-10752
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
EUVD
Github GHSA