Sequelize · Sequelize · CVE-2015-1369
**Name of the Vulnerable Software and Affected Versions**
sequelize versions prior to 2.0.0-rc8
**Description**
A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `order` parameter when untrusted user input is passed into it. The injected text reaches the generated `ORDER BY` clause of queries such as those built by the `findAndCountAll` method.
**Recommendations**
Update to version 2.0.0-rc8 or later. As a temporary workaround, consider validating and sanitizing user input for the `order` parameter to prevent malicious SQL commands. Restrict access to the `order` parameter in the affected API endpoint to minimize the risk of exploitation.
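One way to implement the validation workaround described above, as an added example that is not Sequelize's own code or part of the advisory: the user-supplied sort value is parsed against a fixed allowlist of columns and directions and converted into Sequelize's `[[column, direction]]` array form, so the raw request string never reaches the `order` option. The column names, the `sort` query-string format, the Express-style handler and the stub `Post` model are assumptions for illustration.

```javascript
// Added example (not Sequelize's or the advisory's code): allowlist validation of a
// user-supplied sort parameter before it is used as Sequelize's `order` option.
// Column names, the "column:direction" query format and the handler are hypothetical.

// Only these columns may be sorted on, and only in these two directions.
const ALLOWED_SORT_COLUMNS = new Set(['id', 'title', 'createdAt']);
const ALLOWED_DIRECTIONS = new Set(['ASC', 'DESC']);
const DEFAULT_ORDER = [['id', 'ASC']];

// Parse a query-string value such as "title:desc" into the array form
// [['title', 'DESC']]. Anything outside the allowlist is rejected, so no
// free-form text is ever interpolated into the generated ORDER BY clause.
function buildSafeOrder(rawSort) {
  if (rawSort === undefined || rawSort === null || rawSort === '') {
    return DEFAULT_ORDER;
  }
  if (typeof rawSort !== 'string') {
    throw new TypeError('sort must be a string');
  }
  const parts = rawSort.split(':');
  if (parts.length > 2) {
    throw new RangeError('sort must be "column" or "column:direction"');
  }
  const [column, direction = 'ASC'] = parts;
  if (!ALLOWED_SORT_COLUMNS.has(column)) {
    throw new RangeError(`sort column not allowed: ${column}`);
  }
  const dir = direction.toUpperCase();
  if (!ALLOWED_DIRECTIONS.has(dir)) {
    throw new RangeError(`sort direction not allowed: ${direction}`);
  }
  return [[column, dir]];
}

// Constructed stand-in for a Sequelize model so the example runs offline:
// it records the `order` it was given and returns a findAndCountAll-shaped result.
const stubPost = {
  lastOrder: null,
  async findAndCountAll(options) {
    this.lastOrder = options.order;
    return { count: 0, rows: [] };
  },
};

// Hypothetical Express-style handler: only the validated array is forwarded
// to findAndCountAll; a rejected value becomes a 400 instead of a query.
async function listPosts(req, res, Post = stubPost) {
  let order;
  try {
    order = buildSafeOrder(req.query.sort);
  } catch (err) {
    res.status(400);
    return res.json({ error: err.message });
  }
  const result = await Post.findAndCountAll({ order, limit: 20 });
  return res.json(result);
}
```

The important property is that `buildSafeOrder` returns data it constructed itself from allowlisted constants; the caller's string is only ever compared against the allowlist, never copied into the query.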