Affected versions of sequelize
use MySQL’s backslash-based escape syntax when connecting to SQLite, despite the fact that SQLite uses PostgreSQL’s escape syntax, which can result in a SQL Injection vulnerability.
Update to version 1.7.0-alpha3 or later.
CPE | Name | Operator | Version |
---|---|---|---|
sequelize | le | 1.7.0-alpha2 |