CVE-2016-10550

EPSS 0.49%

SQL Injection in sequelize

Published: 2019/2/18
Modified: 2023/11/8

Description

Affected versions of `sequelize` are vulnerable to SQL Injection in locations where user input is passed into the `limit` or `order` parameters of `sequelize` query calls, such as `findOne` or `findAll`.

## Recommendation

Update to version 3.17.0 or later.
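As a complement to the upgrade, request-supplied `limit` and `order` values can be validated before they reach a query call. The following is an added example, not code from the advisory or from the sequelize project; the helper names, the column allow-list, the `column:direction` request format and the limit bounds are all assumptions made for illustration.

```javascript
// Hypothetical allow-list for an example model; adjust per model.
const SORTABLE_COLUMNS = new Set(['id', 'name', 'createdAt']);
const MAX_LIMIT = 100;     // assumed upper bound for page size
const DEFAULT_LIMIT = 20;  // assumed fallback when input is absent or invalid

// Accept only a plain decimal integer in [1, MAX_LIMIT]; otherwise fall back.
// Arrays and objects (e.g. from "?limit[]=1" style parsing) are never passed through.
function safeLimit(raw) {
  if (typeof raw !== 'string' && typeof raw !== 'number') return DEFAULT_LIMIT;
  const text = String(raw);
  if (!/^[0-9]{1,6}$/.test(text)) return DEFAULT_LIMIT;
  const n = Number(text);
  if (n < 1) return DEFAULT_LIMIT;
  return Math.min(n, MAX_LIMIT);
}

// Parse "column" or "column:direction" and return the array form
// [[column, 'ASC' | 'DESC']]. The caller's string is never forwarded as-is:
// the column must be on the allow-list and the direction is one of two constants.
function safeOrder(raw, allowed = SORTABLE_COLUMNS) {
  if (raw === undefined) return [['id', 'ASC']];
  if (typeof raw !== 'string') throw new RangeError('order must be a string');
  const parts = raw.split(':');
  if (parts.length > 2) throw new RangeError('invalid order parameter');
  const [column, dir = 'asc'] = parts;
  if (!allowed.has(column)) throw new RangeError('column not sortable');
  const direction = dir.toLowerCase();
  if (direction !== 'asc' && direction !== 'desc') {
    throw new RangeError('invalid sort direction');
  }
  return [[column, direction.toUpperCase()]];
}

// Build the options object handed to a query call such as findAll,
// e.g. Model.findAll(buildQueryOptions(req.query)).
function buildQueryOptions(query) {
  return { limit: safeLimit(query.limit), order: safeOrder(query.order) };
}
```

Validation of this kind does not replace the fix; affected versions should still be updated to 3.17.0 or later.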

Affected packages (1)

References (4)