CyberSec.Space Logo
CVEブラウザに戻る

CVE-2016-10551

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1570%
EPSS Percentile39.16th
Published2018年5月29日
Last Modified2024年11月21日

Vulnerability Description

waterline-sequel is a module that helps generate SQL statements for Waterline apps Any user input that goes into Waterline's `like`, `contains`, `startsWith`, or `endsWith` will end up in waterline-sequel with the potential for malicious code. A malicious user can input their own SQL statements in waterline-sequel 0.50 that will get executed and have full access to the database.

Affected Platforms (CPE)

📦
Balderdash

Waterline Sequel

= 0.5.0

References & Advisories

🔗 https://github.com/balderdashy/waterline/issues/1219#issuecomment-157294530
🔗 https://nodesecurity.io/advisories/115
🔗 https://github.com/balderdashy/waterline/issues/1219#issuecomment-157294530
🔗 https://nodesecurity.io/advisories/115

関連する脆弱性情報

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...

CVE-2026-48853

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc all...

CVE-2026-487237.8

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36...