Sequelize · Sequelize · CVE-2016-10550
**Name of the Vulnerable Software and Affected Versions**
sequelize versions 3.16.0 and earlier
**Description**
The issue concerns SQL Injection where user input is passed into the `limit` or `order` parameters of sequelize query calls, such as `findOne` or `findAll`. This allows a malicious user to inject their own SQL statements.
**Recommendations**
For versions 3.16.0 and earlier, update to version 3.17.0 or later. As a temporary workaround, consider restricting user input for the `limit` and `order` parameters to prevent SQL injection attacks.
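One way to apply that workaround in application code, as an added example (not code from the advisory or from Sequelize itself): untrusted `limit` and `order` input is coerced and whitelisted before it reaches `findAll`/`findOne`. The query field names (`limit`, `sort`, `dir`) and the column whitelist are assumptions for the example.

```javascript
// Added example, not part of the advisory or of Sequelize. Assumes the request's
// query string was already parsed into a plain object such as
// { limit: "10", sort: "name", dir: "desc" } (field names are constructed here).

const DEFAULT_LIMIT = 20;
const MAX_LIMIT = 100;
// Constructed whitelist of columns the caller is allowed to sort on.
const ALLOWED_COLUMNS = ['id', 'name', 'createdAt'];

// Builds the `limit` and `order` options for a findAll()/findOne() call from
// untrusted query parameters. No attacker-controlled string is passed through:
// limit becomes a bounded integer, order becomes a whitelisted column plus a
// fixed direction token in Sequelize's array form rather than a raw SQL string.
function buildSafeQueryOptions(query, allowedColumns = ALLOWED_COLUMNS) {
  // limit: accept only a pure decimal string, then clamp to [1, MAX_LIMIT].
  // A strict regex (not parseInt) rejects trailing garbage such as "10; DROP ...".
  const rawLimit = String(query.limit);
  const limit = /^\d+$/.test(rawLimit) && Number(rawLimit) > 0
    ? Math.min(Number(rawLimit), MAX_LIMIT)
    : DEFAULT_LIMIT;

  // order: the column must be on the whitelist; anything else falls back to the
  // first allowed column. Direction is reduced to exactly 'ASC' or 'DESC'.
  const column = typeof query.sort === 'string' && allowedColumns.includes(query.sort)
    ? query.sort
    : allowedColumns[0];
  const direction = String(query.dir).toUpperCase() === 'DESC' ? 'DESC' : 'ASC';

  return { limit, order: [[column, direction]] };
}

// Constructed sample inputs: one benign, one carrying injection attempts.
const SAMPLE_QUERIES = [
  { limit: '10', sort: 'name', dir: 'desc' },
  { limit: '10; DROP TABLE users', sort: 'name) --', dir: 'x' },
];

for (const q of SAMPLE_QUERIES) {
  console.log(JSON.stringify(q), '->', JSON.stringify(buildSafeQueryOptions(q)));
}
```

The returned object can be spread into the query call, e.g. `Model.findAll({ where, ...buildSafeQueryOptions(req.query) })`.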