CVE-2019-10752

Summary

Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite.

Affected Software

VendorProductVersion RangeStatus
n/asequelizeAll versions prior to version 4.44.3 and 5.15.1affected

Weaknesses

  • SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References