453 matches found
SQL injection
sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect...
SQL injection
Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects...
CVE-2019-10749
CVE-2019-10749 affects sequelize prior to 3.35.1. The vulnerability arises in the Postgres dialect where JSON path keys are not properly sanitized, enabling SQL injection. Affected component: Sequelize (Node.js ORM) code paths used for generating queries with JSON path keys. Exploitation details ...
CVE-2019-10749
sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect...
CVE-2019-10748
Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects...
CVE-2019-10748
CVE-2019-10748 affects the Sequelize ORM. The vulnerability is a SQL Injection issue in Sequelize versions prior to 3.35.1, 4.44.3, and 5.8.11, caused by JSON path keys not being properly escaped in the MySQL/MariaDB dialects. The risk is high due to network-exposed attack potential and the abili...
12g (=0.0.27), 402 (>=0.0.2 <=0.1.1) +995 more potentially affected by CVE-2019-10752 via sequelize (>=1.0.2 <=4.44.2)
sequelize NPM version =1.0.2, =0.0.2, =1.16.1, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =0.0.1, =1.1.7, =0.0.1, =1.0.0, =4.0.2, =5.2.3 and more Source cves: CVE-2019-10752 Source advisory: OSV:GHSA-M9JW-237R-GVFV...
ayakashi (>=1.0.0-beta3 <=1.0.0-beta5.2), cplotter-validator (>=0.0.1 <=0.0.2) +7 more potentially affected by CVE-2019-10752 via sequelize (>=5.10.0 <=5.14.0)
sequelize NPM version =5.10.0, =1.0.0-beta3, =0.0.1, =2.0.0-alpha.2, =1.0.0-beta.15, =2.0.0, =1.0.8, =1.0.9 Source cves: CVE-2019-10752 Source advisory: OSV:GHSA-M9JW-237R-GVFV...
GHSA-M9JW-237R-GVFV SQL Injection in sequelize
Affected versions of sequelize are vulnerable to SQL Injection. The function sequelize.json incorrectly formatted sub paths for JSON queries, which allows attackers to inject SQL statements and execute arbitrary SQL queries if user input is passed to the query. Exploitation example: js return...
SQL Injection in sequelize
Affected versions of sequelize are vulnerable to SQL Injection. The function sequelize.json incorrectly formatted sub paths for JSON queries, which allows attackers to inject SQL statements and execute arbitrary SQL queries if user input is passed to the query. Exploitation example: js return...
SQL Injection
sequelize is vulnerable to SQL injection. The vulnerability exists due to improper escaping of values in the sequelize.json helper function when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite...
CVE-2019-10752
Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite...
CVE-2019-10752
Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite...
SQL injection
Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite...
CVE-2019-10752
CVE-2019-10752 affects the Sequelize ORM. All versions prior to 4.44.3 and 5.15.1 are vulnerable to SQL Injection because the helper function sequelize.json() does not escape values properly when formatting sub paths for JSON queries in MySQL, MariaDB and SQLite. The vulnerability is documented a...
CVE-2019-10752
Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite...
SQL Injection
Overview: Affected versions of sequelize are vulnerable to SQL Injection. The function sequelize.json incorrectly formatted sub paths for JSON queries, which allows attackers to inject SQL statements and execute arbitrary SQL queries if user input is passed to the query. Exploitation example: retu...
Denial of Service
Overview: Versions of sequelize prior to 4.44.4 are vulnerable to Denial of Service (DoS). The SQLite dialect fails to catch a TypeError exception for the results variable. The results value may be undefined and trigger the error on a .map call. This may allow attackers to submit malicious input tha...
@alexbp-ds/microservice-wrapper (=1.1.8), @apifie/node-microservice (>=0.0.1 <=1.0.3) +94 more potentially affected by CVE-2019-10752 via sequelize (>=4.0.0 <=4.44.2)
sequelize NPM version =4.0.0, =0.0.1, =4.0.2, =1.0.16, =1.0.20, =1.0.18, =1.0.10, =1.0.0, =0.1.0, =0.0.1, =1.0.0, =1.0.6, =5.1.3, =1.6.7, =0.6.3, =0.6.5 and more Source cves: CVE-2019-10752 Source advisory: SNYK:JS-SEQUELIZE-459751...
ayakashi (>=1.0.0-beta3 <=1.0.0-beta5.2), cplotter-validator (>=0.0.1 <=0.0.2) +7 more potentially affected by CVE-2019-10752 via sequelize (>=5.10.0 <=5.14.0)
sequelize NPM version =5.10.0, =1.0.0-beta3, =0.0.1, =2.0.0-alpha.2, =1.0.0-beta.15, =2.0.0, =1.0.8, =1.0.9 Source cves: CVE-2019-10752 Source advisory: SNYK:JS-SEQUELIZE-459751...