High severityOSV Advisory· Published Apr 10, 2019· Updated Aug 4, 2024
CVE-2019-11069
CVE-2019-11069
Description
Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
sequelizenpm | >= 5.0.0, < 5.3.0 | 5.3.0 |
Affected products
2Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-2777-2vq8-c4v4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-11069ghsaADVISORY
- github.com/sequelize/sequelize/blob/98cb17c17f73e2aa1792aa5a1d31216ba984b456/lib/dialects/postgres/connection-manager.jsghsaWEB
- github.com/sequelize/sequelize/commit/850c7fd04669e0fef9238b6dc4f8d6ee93ed71e9ghsaWEB
- github.com/sequelize/sequelize/pull/10746ghsaWEB
- github.com/sequelize/sequelize/pull/10746/filesghsaWEB
- github.com/sequelize/sequelize/releases/tag/v5.3.0ghsaWEB
- snyk.io/vuln/SNYK-JS-SEQUELIZE-174167ghsaWEB
News mentions
0No linked articles in our index yet.