CVE-2016-10551
SQL Injection in waterline-sequel
EPSS 0.45%
Description
Affected versions of `waterline-sequel` are vulnerable to SQL injection in cases where user input is passed into the `like`, `contains`, `startsWith`, or `endsWith` methods.
Recommendation
Upgrade to at least version 0.5.1.
How to fix CVE-2016-10551
To remediate CVE-2016-10551, upgrade the affected package to the fixed version listed below.
- npm/waterline-sequel—upgrade to 0.5.1 or later
Is CVE-2016-10551 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- npm/waterline-sequel: from 0, < 0.5.1