GHSA-8mwq-mj73-qv68 – sequelize

Package

Manager: npm
Name: sequelize
Vulnerable Version: <0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS v4.0: N/A

EPSS: N/A pctlN/A

Details

Duplicate advisory: Sequelize vulnerable to Improper Filtering of Special Elements ## Duplicate advisory This advisory has been withdrawn because it is a duplicate of [GHSA-f598-mfpv-gmfx](https://github.com/advisories/GHSA-f598-mfpv-gmfx). This link is maintained to preserve external references. ## Original Description Due to improper attribute filtering in the sequelize js library, an attacker can peform SQL injections. This issue can be mitigated by not accepting untrusted input.

Metadata

Created: 2023-02-16T15:30:28Z
Modified: 2023-02-24T18:48:34Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-8mwq-mj73-qv68/GHSA-8mwq-mj73-qv68.json
CWE IDs: ["CWE-790"]
Alternative ID: N/A
Finding: N/A
Auto approve: 0