PT-2019-20075 · Sequelize · Sequelize
Published
2019-06-04
·
Updated
2019-06-04
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
sequelize versions prior to 4.12.0
Description
The issue affects the
sequelize library, where query operators such as $gt are not properly sanitized. This may allow an attacker to alter data queries, leading to NoSQL Injection.Recommendations
For versions prior to 4.12.0, upgrade to version 4.12.0 or later.
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sequelize