GHSA-98pq-pmw9-4gpm

Suggest an improvement
Source
https://github.com/advisories/GHSA-98pq-pmw9-4gpm
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-98pq-pmw9-4gpm/GHSA-98pq-pmw9-4gpm.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-98pq-pmw9-4gpm
Aliases
Published
2019-02-18T23:54:34Z
Modified
2023-11-08T03:58:12.010507Z
Summary
SQL Injection in sequelize
Details

Affected versions of sequelize are vulnerable to SQL Injection in locations where user input is passed into the limit or order parameters of sequelize query calls, such as findOne or findAll.

Recommendation

Update to version 3.17.0 or later.

Database specific 
{
    "github_reviewed": true,
    "severity": "HIGH",
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-89"
    ],
    "github_reviewed_at": "2020-06-16T21:27:57Z"
}
References

Affected packages

npm / sequelize

Package

Name
sequelize
View open source insights on deps.dev
Purl
pkg:npm/sequelize

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.17.0

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-98pq-pmw9-4gpm/GHSA-98pq-pmw9-4gpm.json"