GHSA-cgpp-wm2h-6hqx

Suggest an improvement
Source
https://github.com/advisories/GHSA-cgpp-wm2h-6hqx
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-cgpp-wm2h-6hqx/GHSA-cgpp-wm2h-6hqx.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-cgpp-wm2h-6hqx
Aliases
  • CVE-2016-10551
Published
2019-02-18T23:54:28Z
Modified
2023-11-08T03:58:12.071563Z
Summary
SQL Injection in waterline-sequel
Details

Affected versions of waterline-sequel are vulnerable to SQL injection in cases where user input is passed into the like, contains, startsWith, or endsWith methods.

Recommendation

Upgrade to at least version 0.5.1

Database specific 
{
    "cwe_ids": [
        "CWE-89"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:31:36Z",
    "nvd_published_at": null,
    "severity": "HIGH"
}
References

Affected packages

npm / waterline-sequel

Package

Name
waterline-sequel
View open source insights on deps.dev
Purl
pkg:npm/waterline-sequel

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.5.1

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-cgpp-wm2h-6hqx/GHSA-cgpp-wm2h-6hqx.json"