CVE-2016-10556

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-10556

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10556.json

Aliases

GHSA-9c2p-jw8p-f84v

Published

2018-05-29T20:29:00Z

Modified

2023-11-29T05:10:42.882044Z

Details

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This causes potential SQL injection in sequelize 3.19.3 and earlier, where a malicious user could put ["test", "'); DELETE TestTable WHERE Id = 1 --')"] inside of database.query('SELECT * FROM TestTable WHERE Name IN (:names)', { replacements: { names: directCopyOfUserInput } }); and cause the SQL statement to become SELECT Id FROM Table WHERE Name IN ('test', '\'); DELETE TestTable WHERE Id = 1 --'). In Postgres, MSSQL, and SQLite, the backslash has no special meaning. This causes the the statement to delete whichever Id has a value of 1 in the TestTable table.

References

Affected packages

Git / github.com/sequelize/sequelize

Affected ranges

Type: GIT
Repo: https://github.com/sequelize/sequelize
Events: Introduced

0The exact introduced commit is unknown

Last affected

d2fc3923e653d726f45b844286276661118a443e

Affected versions

0.*

0.1.0

0.2.0

0.2.1

0.2.3

0.2.4

0.2.5

0.2.6

0.3.0

0.4.0

0.4.1

0.4.2

0.4.3

1.*

1.0.0

1.0.1

1.0.2

1.1.0

1.1.1

1.7.0-rc3

3.*

3.12.1

v1.*

v1.1.2

v1.1.3

v1.1.4

v1.2.0

v1.3.0

v1.3.1

v1.3.2

v1.3.3

v1.3.4

v1.3.5

v1.3.6

v1.3.7

v1.4.0

v1.4.1

v1.5.0

v1.5.0-alpha

v1.5.0-beta

v1.5.0-beta-2

v1.5.1-alpha-1

v1.6.0

v1.6.0-alpha-1

v1.6.0-alpha-2

v1.6.0-alpha-3

v1.6.0-beta-1

v1.6.0-beta-2

v1.6.0-beta-3

v1.6.0-beta4

v1.7.0

v1.7.0-alpha1

v1.7.0-alpha2

v1.7.0-alpha3

v1.7.0-beta.0

v1.7.0-beta.1

v1.7.0-beta.2

v1.7.0-beta.3

v1.7.0-beta.3a

v1.7.0-beta.3b

v1.7.0-beta.4

v1.7.0-beta.4a

v1.7.0-beta.5

v1.7.0-beta6

v1.7.0-beta7

v1.7.0-beta8

v1.7.0-rc1

v1.7.0-rc2

v1.7.0-rc3

v1.7.0-rc4

v1.7.0-rc5

v1.7.0-rc6

v1.7.0-rc7

v1.7.0-rc8

v1.7.0-rc9

v2.*

v2.0.0

v2.0.0-alpha2

v2.0.0-alpha3

v2.0.0-beta.0

v2.0.0-beta.1

v2.0.0-beta.2

v2.0.0-beta.3

v2.0.0-beta.4

v2.0.0-beta.5

v2.0.0-beta.6

v2.0.0-beta.7

v2.0.0-beta.8

v2.0.0-dev1

v2.0.0-dev10

v2.0.0-dev11

v2.0.0-dev12

v2.0.0-dev13

v2.0.0-dev2

v2.0.0-dev3

v2.0.0-dev4

v2.0.0-dev5

v2.0.0-dev6

v2.0.0-dev7

v2.0.0-dev8

v2.0.0-dev9

v2.0.0-rc1

v2.0.0-rc2

v2.0.0-rc3

v2.0.0-rc4

v2.0.0-rc5

v2.0.0-rc6

v2.0.0-rc7

v2.0.0-rc8

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.0.6

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v3.*

v3.0.0

v3.0.1

v3.1.0

v3.1.1

v3.10.0

v3.12.0

v3.12.2

v3.13.0

v3.14.0

v3.14.2

v3.15.0

v3.15.1

v3.16.0

v3.17.0

v3.17.1

v3.17.2

v3.17.3

v3.18.0

v3.19.0

v3.19.1

v3.19.2

v3.19.3

v3.2.0

v3.3.0

v3.3.1

v3.3.2

v3.4.0

v3.4.1

v3.5.0

v3.5.1

v3.6.0

v3.7.0

v3.7.1

v3.8.0

v3.9.0