EPSS: 0.002 (Low), percentile 61.0%
Affected versions of sequelize are vulnerable to SQL Injection in locations where user input is passed into the limit or order parameters of sequelize query calls, such as findOne or findAll.
Update to version 3.17.0 or later.
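Alongside the upgrade, values destined for limit and order can be constrained before they reach findOne or findAll. The following is an added example, not code from the advisory or from sequelize; the function names, the column allowlist, the limit bounds and the sample inputs are assumptions.

```javascript
// Hypothetical allowlist: the only columns a client may sort by.
const SORTABLE_COLUMNS = new Set(['id', 'name', 'createdAt']);
const MAX_LIMIT = 100;
const DEFAULT_LIMIT = 20;

// Accept only a plain decimal integer in [1, MAX_LIMIT]. Anything else
// (arrays, objects, strings with trailing SQL) falls back to the default.
function safeLimit(raw) {
  if (typeof raw === 'number' && Number.isInteger(raw)) raw = String(raw);
  if (typeof raw !== 'string' || !/^[0-9]{1,6}$/.test(raw)) return DEFAULT_LIMIT;
  const n = parseInt(raw, 10);
  if (n < 1) return DEFAULT_LIMIT;
  return Math.min(n, MAX_LIMIT);
}

// Build the order option from an allowlisted column and a fixed direction.
// The client value only selects among known-good constants.
// Returns [[column, direction]] or throws on an unknown column.
function safeOrder(rawColumn, rawDirection) {
  if (typeof rawColumn !== 'string' || !SORTABLE_COLUMNS.has(rawColumn)) {
    throw new RangeError('unsupported sort column');
  }
  const direction = String(rawDirection).toUpperCase() === 'DESC' ? 'DESC' : 'ASC';
  return [[rawColumn, direction]];
}

// Turn a parsed query-string object into options for findAll/findOne.
function buildQueryOptions(query) {
  return {
    limit: safeLimit(query.limit),
    order: safeOrder(query.sort === undefined ? 'id' : query.sort, query.dir),
  };
}

// Constructed sample inputs: one well-formed, one with trailing SQL in limit.
console.log(buildQueryOptions({ limit: '25', sort: 'name', dir: 'desc' }));
console.log(buildQueryOptions({ limit: '25; --', sort: 'id' }));
```

The returned object can be spread into the options passed to a query call; a RangeError from safeOrder should map to a 400 response rather than a fallback sort.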
github.com/advisories/GHSA-98pq-pmw9-4gpm
github.com/sequelize/sequelize/pull/5167/commits/f282d85e60e3df5e57ecdb82adccb4eaef404f03
nvd.nist.gov/vuln/detail/CVE-2016-10550
www.npmjs.com/advisories/112