Sequelize v6 Vulnerable to SQL Injection via JSON Column Cast Type

Summary SQL injection via unescaped cast type in JSON/JSONB where clause processing. The traverseJSON function splits JSON path keys on :: to extract a cast type, which is interpolated raw into CAST... AS SQL. An attacker who controls JSON object keys can inject arbitrary SQL and exfiltrate data...