CyberSec.Space Logo
Back to CVE Browser

CVE-2019-10749

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0150%
EPSS Percentile20.90th
PublishedOct 29, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect.

Affected Platforms (CPE)

πŸ“¦
Sequelizejs

Sequelize

< 3.35.1

References & Advisories

πŸ”— https://github.com/sequelize/sequelize/commit/ee4017379db0059566ecb5424274ad4e2d66bc68
πŸ”— https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450222
πŸ”— https://github.com/sequelize/sequelize/commit/ee4017379db0059566ecb5424274ad4e2d66bc68
πŸ”— https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450222

Related Vulnerabilities

CVE-2016-105519.8

waterline-sequel is a module that helps generate SQL statements for Waterline apps Any user input that goes into Waterline's `like...

CVE-2019-107489.8

Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properl...

CVE-2019-107529.8

Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function...

CVE-2016-105509.8

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQ...