CVE-2016-10554
N/A
N/A
Summary
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escaping.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HackerOne | sequelize node module | <= 1.7.0-alpha2 | affected |
Weaknesses
- CWE-89: SQL Injection (CWE-89)
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/sequelize/sequelize/commit/c876192aa6ce1f67e22b26a4d175b8478615f42d
- https://nodesecurity.io/advisories/113
References
- https://github.com/sequelize/sequelize/commit/c876192aa6ce1f67e22b26a4d175b8478615f42d
- https://nodesecurity.io/advisories/113
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.