Critical severityOSV Advisory· Published Oct 17, 2019· Updated Aug 4, 2024
CVE-2019-10752
CVE-2019-10752
Description
Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
sequelizenpm | < 4.44.3 | 4.44.3 |
sequelizenpm | >= 5.0.0, < 5.15.1 | 5.15.1 |
Affected products
2Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-m9jw-237r-gvfvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-10752ghsaADVISORY
- github.com/sequelize/sequelize/commit/9bd0bc1%2Cmitrex_refsource_MISC
- github.com/sequelize/sequelize/commit/9bd0bc1,ghsaWEB
- github.com/sequelize/sequelize/commit/9bd0bc111b6f502223edf7e902680f7cc2ed541eghsax_refsource_MISCWEB
- github.com/sequelize/sequelize/pull/11329ghsaWEB
- snyk.io/vuln/SNYK-JS-SEQUELIZE-459751ghsaWEB
- snyk.io/vuln/SNYK-JS-SEQUELIZE-459751%2Cmitrex_refsource_CONFIRM
- snyk.io/vuln/SNYK-JS-SEQUELIZE-459751,ghsaWEB
- www.npmjs.com/advisories/1146ghsaWEB
News mentions
0No linked articles in our index yet.