CyberSec.Space Logo
Back to CVE Browser

CVE-2016-10551

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1570%
EPSS Percentile39.16th
PublishedMay 29, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

waterline-sequel is a module that helps generate SQL statements for Waterline apps Any user input that goes into Waterline's `like`, `contains`, `startsWith`, or `endsWith` will end up in waterline-sequel with the potential for malicious code. A malicious user can input their own SQL statements in waterline-sequel 0.50 that will get executed and have full access to the database.

Affected Platforms (CPE)

πŸ“¦
Balderdash

Waterline Sequel

= 0.5.0

References & Advisories

πŸ”— https://github.com/balderdashy/waterline/issues/1219#issuecomment-157294530
πŸ”— https://nodesecurity.io/advisories/115
πŸ”— https://github.com/balderdashy/waterline/issues/1219#issuecomment-157294530
πŸ”— https://nodesecurity.io/advisories/115

Related Vulnerabilities

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...

CVE-2026-48853

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc all...

CVE-2026-487237.8

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36...