sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS If user input goes into the limit
or order
parameters, a malicious user can put in their own SQL statements. This affects sequelize 3.16.0 and earlier.
[
{
"product": "sequelize node module",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "<= 3.16.0"
}
]
}
]