CVE-2016-10551
N/A
N/A
Summary
waterline-sequel is a module that helps generate SQL statements for Waterline apps Any user input that goes into Waterline's like, contains, startsWith, or endsWith will end up in waterline-sequel with the potential for malicious code. A malicious user can input their own SQL statements in waterline-sequel 0.50 that will get executed and have full access to the database.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HackerOne | waterline-sequel node module | 0.5.0 | affected |
Weaknesses
- CWE-89: SQL Injection (CWE-89)
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/balderdashy/waterline/issues/1219#issuecomment-157294530
- https://nodesecurity.io/advisories/115
References
- https://github.com/balderdashy/waterline/issues/1219#issuecomment-157294530
- https://nodesecurity.io/advisories/115
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.