SQL Injection in sequelize
Versions 2.0.0-rc-7 and earlier of sequelize are affected by a SQL injection vulnerability when user input is passed into the order parameter. Proof of Concept javascript Test.findAndCountAll where: id :1 , order : 'id', 'UNTRUSTED USER INPUT' Recommendation Update to version 2.0.0-rc8 or later...