VYPR
Critical severityOSV Advisory· Published Oct 28, 2019· Updated Aug 4, 2024

CVE-2019-10748

CVE-2019-10748

Description

Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
sequelizenpm
< 3.35.13.35.1
sequelizenpm
>= 4.0.0, < 4.44.34.44.3
sequelizenpm
>= 5.0.0, < 5.8.115.8.11

Affected products

2

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.