PT-2018-4731 · Sequelize · Sequelize

Published 2018-05-31 · Updated 2019-10-09 · CVE-2016-10553
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: sequelize versions 2.1.3 and earlier
Description: SQL injection. When a raw string is passed as the `where` option (where: "user input") or as the argument of findOne (findOne("user input")), the affected versions treat it as SQL text rather than as a value, so user-controlled input that reaches these calls can alter the generated query.
Recommendations: Update to version 3.0.0 or later. If upgrading is not an option, audit every call that passes user-controlled input as where: "input" or findOne("input"), and either replace it with the object form (where: { column: value }) or route it through a wrapper function that validates the input and rejects raw strings before they reach the query.
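As an added illustration (not Sequelize's own code and not the project's 3.0.0 fix), the block below models the two call shapes the description names beside the wrapper the recommendations suggest. The raw-string path is a toy model of the vulnerable behaviour: the string is spliced verbatim into the WHERE clause. The object path binds every value as a parameter, and `safeWhere` refuses anything that is not a plain object over known columns. The `users` table, the column whitelist, the payload and all helper names are assumptions made for this example.

```javascript
// Added example, not Sequelize source. Toy model of the pre-3.0.0 behaviour
// described in the advisory, plus a wrapper that refuses raw-string where
// clauses. Table name, columns and helper names are assumed for illustration.

// Model of the vulnerable behaviour: a string passed as `where` (or as the
// sole argument of findOne) is spliced verbatim into the generated SQL.
function legacyFindOneSql(table, where) {
  if (typeof where === 'string') {
    return { sql: `SELECT * FROM ${table} WHERE ${where} LIMIT 1;`, params: [] };
  }
  return objectWhereSql(table, where);
}

// Object form: each key becomes `column = ?` and the value goes into the
// bound-parameter list, so the input never becomes part of the SQL text.
function objectWhereSql(table, where) {
  const columns = Object.keys(where);
  const clause = columns.map((c) => `${c} = ?`).join(' AND ');
  return {
    sql: `SELECT * FROM ${table} WHERE ${clause} LIMIT 1;`,
    params: columns.map((c) => where[c]),
  };
}

// Assumed schema: the only columns the wrapper lets a caller filter on.
const ALLOWED_COLUMNS = new Set(['id', 'email', 'name']);

// Wrapper in the spirit of the recommendation: accept only a plain object
// whose keys are known columns and whose values are scalars. A raw string,
// an array, an empty object, an unknown column or a nested operator object
// is rejected before it can reach findOne.
function safeWhere(where) {
  if (where === null || typeof where !== 'object' || Array.isArray(where)) {
    throw new TypeError('where must be a plain object, not a raw SQL string');
  }
  const columns = Object.keys(where);
  if (columns.length === 0) {
    throw new TypeError('where must name at least one column');
  }
  for (const c of columns) {
    if (!ALLOWED_COLUMNS.has(c)) {
      throw new TypeError(`unknown column in where: ${c}`);
    }
    const t = typeof where[c];
    if (t !== 'string' && t !== 'number' && t !== 'boolean') {
      throw new TypeError(`non-scalar value for column ${c}`);
    }
  }
  return where;
}

// Constructed attacker input: interpreted as SQL it matches every row and
// comments out whatever follows; interpreted as a value it is just a string.
const PAYLOAD = "email = 'x' OR 1=1 --";

// Runs the same payload through the vulnerable path and the hardened path.
function demo() {
  const vulnerable = legacyFindOneSql('users', PAYLOAD);
  let rejected = false;
  try {
    safeWhere(PAYLOAD);
  } catch (e) {
    rejected = e instanceof TypeError;
  }
  const hardened = objectWhereSql('users', safeWhere({ email: PAYLOAD }));
  return { vulnerable, rejected, hardened };
}

console.log(JSON.stringify(demo(), null, 2));
```

Running `demo()` shows the contrast: the legacy path yields `SELECT * FROM users WHERE email = 'x' OR 1=1 -- LIMIT 1;` with no bound parameters, while the hardened path yields `SELECT * FROM users WHERE email = ? LIMIT 1;` with the payload carried only as a parameter. The scalar check in `safeWhere` also matters in practice: a JSON request body can smuggle an operator object (for example `{ email: { $ne: null } }`) into an object-form `where`, which the whitelist of scalar values stops as well.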

Fix

SQL injection


Weakness Enumeration

Related Identifiers: CVE-2016-10553, GHSA-2V7Q-2XQX-F4Q5

Affected Products: Sequelize