VYPR
Critical severityOSV Advisory· Published Oct 17, 2019· Updated Aug 4, 2024

CVE-2019-10752

CVE-2019-10752

Description

Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
sequelizenpm
< 4.44.34.44.3
sequelizenpm
>= 5.0.0, < 5.15.15.15.1

Affected products

2

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.