GHSA-2777-2vq8-c4v4

Suggest an improvement
Source
https://github.com/advisories/GHSA-2777-2vq8-c4v4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/04/GHSA-2777-2vq8-c4v4/GHSA-2777-2vq8-c4v4.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-2777-2vq8-c4v4
Aliases
Published
2019-04-11T16:33:17Z
Modified
2023-11-20T22:07:00Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
SQL Injection in sequelize
Details

Versions of sequelize prior to 5.3.0 (excluding v3 and v4) are vulnerable to SQL Injection. PostgreSQL optionstandard_conforming_strings is not set to on by default, which may allow attackers to inject SQL statements due to poor handling of backslashes in string literals.

Recommendation

Upgrade to version 5.3.0 or later.

References

Affected packages

npm / sequelize

Package

Affected ranges

Type
SEMVER
Events
Introduced
5.0.0
Fixed
5.3.0