GHSA-wfp9-vr4j-f49j

Suggest an improvement
Source
https://github.com/advisories/GHSA-wfp9-vr4j-f49j
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/06/GHSA-wfp9-vr4j-f49j/GHSA-wfp9-vr4j-f49j.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-wfp9-vr4j-f49j
Published
2019-06-04T20:04:27Z
Modified
2023-04-21T19:34:39Z
Summary
NoSQL Injection in sequelize
Details

Versions of sequelize prior to 4.12.0 are vulnerable to NoSQL Injection. Query operators such as $gt are not properly sanitized and may allow an attacker to alter data queries, leading to NoSQL Injection.

Recommendation

Upgrade to version 4.12.0 or later

Database specific 
{
    "github_reviewed_at": "2019-06-04T20:04:00Z",
    "cwe_ids": [
        "CWE-89"
    ],
    "nvd_published_at": null,
    "severity": "HIGH",
    "github_reviewed": true
}
References

Affected packages

npm / sequelize

Package

Name
sequelize
View open source insights on deps.dev
Purl
pkg:npm/sequelize

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.0