5 matches found
CVE-2019-10749
creationtimestamp| type| source ---|---|--- 2024-01-29 15:41:13+00:00| seen| https://t.me/ctinow/175338...
@aaa-backend-stack/graphql (>=1.16.1 <=2.4.4), @aaa-backend-stack/graphql-rest-bindings (>=1.16.0 <=1.16.9) +263 more potentially affected by CVE-2019-10749 via sequelize (>=1.0.2 <=3.34.0)
sequelize NPM version =1.0.2, =1.16.1, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.12.0, =1.0.22, =2.0.10, =1.0.97, =1.6.489, =1.6.735 and more Source cves: CVE-2019-10749 Source advisory: OSV:GHSA-2598-2F59-RMHQ...
CVE-2019-10749
sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect...
CVE-2019-10749
CVE-2019-10749 affects sequelize prior to 3.35.1. The vulnerability arises in the Postgres dialect where JSON path keys are not properly sanitized, enabling SQL injection. Affected component: Sequelize (Node.js ORM) code paths used for generating queries with JSON path keys. Exploitation details ...
@aaa-backend-stack/graphql (>=1.16.1 <=2.4.4), @aaa-backend-stack/graphql-rest-bindings (>=1.16.0 <=1.16.9) +102 more potentially affected by CVE-2019-10749 via sequelize (>=3.0.1 <=3.34.0)
sequelize NPM version =3.0.1, =1.16.1, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.12.0, =1.0.22, =2.0.10, =1.0.97, =1.6.489, =1.6.735 and more Source cves: CVE-2019-10749 Source advisory: SNYK:JS-SEQUELIZE-450222...