Sequelize · Sequelize · CVE-2023-25813
**Name of the Vulnerable Software and Affected Versions**
Sequelize versions prior to 6.19.1
**Description**
The vulnerability is a SQL injection caused by the order in which `replacements` were applied. Sequelize substituted named replacements (`:name` tokens) into the query text after the rest of the query, including values passed through the `where` option, had already been generated and escaped. In a query that uses both mechanisms, a value supplied through `where` that contains a replacement token is rewritten with the replacement value at that final step, so the replacement text lands inside an already-escaped string literal and breaks its quoting. An attacker who controls both inputs can therefore pass a token such as `:firstName` as the `where` value and a payload such as `OR true; DROP TABLE users;` as the replacement value, leading to arbitrary SQL injection depending on the specific queries in use. The estimated number of potentially affected devices worldwide is not available.
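To make the ordering problem concrete, the following is an added illustration written for this page; it is not Sequelize's code and does not reproduce its query generator. It models a builder that escapes `where` values first and then substitutes `:name` replacements into the finished SQL text, alongside an ordering that resolves replacements only inside the literal fragment before the escaped `where` conditions are appended. The function names, the `soundex` sample query and the attacker inputs are assumptions made for the example; the second ordering is shown as one sound design, not as a description of what the 6.19.1 patch does.

```javascript
// Added illustration, not Sequelize source: a minimal model of a query builder
// that escapes `where` values first and then substitutes `:name` replacements
// into the finished SQL text (the ordering that made the advisory's query
// injectable), next to an ordering that keeps the two mechanisms separate.
// Function names, the sample query and the inputs are assumptions for this example.

// Quote a value as a SQL string literal, doubling embedded single quotes.
function escapeString(value) {
  return "'" + String(value).replace(/'/g, "''") + "'";
}

// Turn a `where`-style object into `"col" = 'escaped'` conditions.
function buildWhere(whereObj) {
  return Object.entries(whereObj)
    .map(([col, val]) => `"${col}" = ${escapeString(val)}`)
    .join(' AND ');
}

// Substitute every `:name` token with the escaped replacement value.
// Single pass: the substituted text is never rescanned for further tokens.
function applyReplacements(sql, replacements) {
  return sql.replace(/:(\w+)/g, (token, name) =>
    Object.prototype.hasOwnProperty.call(replacements, name)
      ? escapeString(replacements[name])
      : token);
}

// Vulnerable ordering: assemble the whole query (literal fragment plus the
// already-escaped `where` conditions), then run replacements over all of it.
// A `where` value that contains `:firstName` is rewritten as well.
function buildQueryVulnerable(literalFragment, whereObj, replacements) {
  const sql = `SELECT * FROM users WHERE ${literalFragment} OR ${buildWhere(whereObj)}`;
  return applyReplacements(sql, replacements);
}

// Separated ordering: replacements are resolved inside the literal fragment
// only, before the escaped `where` conditions are appended. `where` values are
// never rescanned, so a token inside them stays an ordinary string value.
function buildQuerySafe(literalFragment, whereObj, replacements) {
  const literal = applyReplacements(literalFragment, replacements);
  return `SELECT * FROM users WHERE ${literal} OR ${buildWhere(whereObj)}`;
}

// Rough injection check: count ';' characters that fall outside quoted
// strings and quoted identifiers. A single well-formed statement yields 0.
function countStatementBreaks(sql) {
  let quote = null;
  let count = 0;
  for (const ch of sql) {
    if (quote) {
      if (ch === quote) quote = null; // a doubled quote inside a literal toggles twice
    } else if (ch === "'" || ch === '"') {
      quote = ch;
    } else if (ch === ';') {
      count += 1;
    }
  }
  return count;
}

// Constructed attacker input modelled on the advisory's description: the
// `where` value is a replacement token, the replacement value carries the SQL.
const LITERAL = 'soundex("firstName") = soundex(:firstName)';
const ATTACK_WHERE = { lastName: ':firstName' };
const ATTACK_REPLACEMENTS = { firstName: 'OR true; DROP TABLE users;' };

function demo() {
  const vulnerable = buildQueryVulnerable(LITERAL, ATTACK_WHERE, ATTACK_REPLACEMENTS);
  const safe = buildQuerySafe(LITERAL, ATTACK_WHERE, ATTACK_REPLACEMENTS);
  console.log('vulnerable:', vulnerable, '| statement breaks:', countStatementBreaks(vulnerable));
  console.log('separated: ', safe, '| statement breaks:', countStatementBreaks(safe));
  return { vulnerable, safe };
}

demo();
```

Run it with `node`. The vulnerable ordering produces `"lastName" = ''OR true; DROP TABLE users;''`: the token inside the escaped literal was replaced, the quoting is broken and two statement breaks appear outside any string. The separated ordering leaves the `where` value as the harmless literal `':firstName'`, and for benign inputs both orderings produce the same query.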
**Recommendations**
For Sequelize versions prior to 6.19.1, upgrade to version 6.19.1 or later to fix the issue.
As a temporary workaround for users unable to upgrade, do not use `replacements` and the `where` option in the same query, so that no replacement pass can touch values that were escaped as part of the `where` clause.