← voltar
CVE-2019-10752

CVE-2019-10752

EPSS 1.5%
Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite.
Produtos afetados
n/a · sequelize

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/sequelize/sequelize/commit/9bd0bc111b6f502223edf7e902680f7cc2ed541ehttps://github.com/sequelize/sequelize/commit/9bd0bc1%2Chttps://snyk.io/vuln/SNYK-JS-SEQUELIZE-459751%2C