
CVE-2016-10554
https://notcve.org/view.php?id=CVE-2016-10554
31 May 2018 — sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escaping. • https://github.com/sequelize/sequelize/commit/c876192aa6ce1f67e22b26a4d175b8478615f42d • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2016-10553
https://notcve.org/view.php?id=CVE-2016-10553
31 May 2018 — sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier. • https://github.com/sequelize/sequelize/blob/master/changelog.md#300 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2016-10556
https://notcve.org/view.php?id=CVE-2016-10556
29 May 2018 — sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This causes potential SQL injection in sequelize 3.19.3 and earlier, where a malicious user could put `["test", "'); DELETE TestTable WHERE Id = 1 --')"]` inside of `database.query('SELECT * FROM TestTable WHERE Name I`... • https://github.com/sequelize/sequelize/issues/5671 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')