CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-10752
https://notcve.org/view.php?id=CVE-2019-10752
Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite. Sequelize, todas las versiones anteriores a la versión 4.44.3 y 5.15.1, es vulnerable a una inyección SQL debido a que la función auxiliar sequelize.json() no escapa los valores apropiadamente cuando se formatean subrutas para consultas JSON para MySQL, MariaDB y SQLite. • https://github.com/sequelize/sequelize/commit/9bd0bc1%2C https://github.com/sequelize/sequelize/commit/9bd0bc111b6f502223edf7e902680f7cc2ed541e https://snyk.io/vuln/SNYK-JS-SEQUELIZE-459751 https://snyk.io/vuln/SNYK-JS-SEQUELIZE-459751%2C • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •