CVE-2019-10749
Published
CVSS v3
9.8
CRITICAL
CVSS v2
7.5
HIGH
Affected
1
PROJECT
Description
sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect.
Feature-rich ORM for modern Node.js and TypeScript, it supports PostgreSQL (with JSON and JSONB support), MySQL, MariaDB, SQLite, MS SQL Server, Snowflake, Oracle DB, DB2 and DB2 for IBM i.
GitHub