← back
CVE-2019-10752

CVE-2019-10752

EPSS 1.5%
Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite.
Affected products
n/a · sequelize

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/sequelize/sequelize/commit/9bd0bc111b6f502223edf7e902680f7cc2ed541ehttps://github.com/sequelize/sequelize/commit/9bd0bc1%2Chttps://snyk.io/vuln/SNYK-JS-SEQUELIZE-459751%2C