CVE-2016-10554

EPSS 0.49%

SQL Injection in sequelize

發布日:2019/2/18修改日:2023/11/8

描述

Affected versions of `sequelize` use MySQL's backslash-based escape syntax when connecting to SQLite, despite the fact that SQLite uses PostgreSQL's escape syntax, which can result in a SQL Injection vulnerability. ## Recommendation Update to version 1.7.0-alpha3 or later.

受影響套件(1)

npm/sequelizefrom 0, < 1.7.0

參考連結(4)

ADVISORYhttps://github.com/advisories/GHSA-x2jc-pwfj-h9p3
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-10554
WEBhttps://github.com/sequelize/sequelize/commit/c876192aa6ce1f67e22b26a4d175b8478615f42d
WEBhttps://www.npmjs.com/advisories/113