CVE-2016-10554
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escaping.
sequelize es un mapeo objeto-relacional, o un "middleman", para convertir cosas de Postgres, MySQL, MariaDB, SQLite y Microsoft SQL Server en datos usables para NodeJS. En versiones anteriores a la 1.7.0-alpha3, sequelize hace que SQLite emplee el escapado de barras diagonales de MySQL, aunque SQLite emplea el escapado de Postgres.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-10-29 CVE Reserved
- 2018-05-31 CVE Published
- 2023-10-22 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/sequelize/sequelize/commit/c876192aa6ce1f67e22b26a4d175b8478615f42d | 2019-10-09 | |
| https://nodesecurity.io/advisories/113 | 2019-10-09 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sequelizejs Search vendor "Sequelizejs" | Sequelize Search vendor "Sequelizejs" for product "Sequelize" | <= 1.6.0 Search vendor "Sequelizejs" for product "Sequelize" and version " <= 1.6.0" | node.js |
Affected
| ||||||
| Sequelizejs Search vendor "Sequelizejs" | Sequelize Search vendor "Sequelizejs" for product "Sequelize" | 1.7.0 Search vendor "Sequelizejs" for product "Sequelize" and version "1.7.0" | alpha1, node.js |
Affected
| ||||||
| Sequelizejs Search vendor "Sequelizejs" | Sequelize Search vendor "Sequelizejs" for product "Sequelize" | 1.7.0 Search vendor "Sequelizejs" for product "Sequelize" and version "1.7.0" | alpha2, node.js |
Affected
| ||||||