3 matches found
CVE-2019-10749
sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect...
CVE-2019-10749
CVE-2019-10749 affects sequelize prior to 3.35.1. The vulnerability arises in the Postgres dialect where JSON path keys are not properly sanitized, enabling SQL injection. Affected component: Sequelize (Node.js ORM) code paths used for generating queries with JSON path keys. Exploitation details ...
@aaa-backend-stack/graphql (>=1.16.1 <=2.4.4), @aaa-backend-stack/graphql-rest-bindings (>=1.16.0 <=1.16.9) +102 more potentially affected by CVE-2019-10749 via sequelize (>=3.0.1 <=3.34.0)
sequelize NPM version =3.0.1, =1.16.1, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.12.0, =1.0.22, =2.0.10, =1.0.97, =1.6.489, =1.6.735 and more Source cves: CVE-2019-10749 Source advisory: SNYK:JS-SEQUELIZE-450222...