NoSQL Injection in sequelize

High severity GitHub Reviewed Published Jun 4, 2019 to the GitHub Advisory Database • Updated Apr 30, 2023

Package

sequelize (npm)

Affected versions

< 4.12.0

Patched versions

4.12.0

Description

Versions of sequelize prior to 4.12.0 are vulnerable to NoSQL Injection. Query operators such as $gt are not properly sanitized and may allow an attacker to alter data queries, leading to NoSQL Injection.

Recommendation

Upgrade to version 4.12.0 or later
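
Alongside the upgrade, an application can refuse operator-shaped input before it reaches a query. The following is an added example, not code from sequelize or from this advisory: the helper names `containsOperatorKey` and `safeWhere`, the field names, and the sample request bodies are all constructed for illustration.

```javascript
// Returns true when `value` is an object or array that contains, at any
// depth, a key starting with "$" (the shape of a string-keyed query operator).
function containsOperatorKey(value, depth = 0) {
  if (value === null || typeof value !== 'object') return false;
  if (depth > 8) return true; // treat excessively nested input as hostile
  return Object.keys(value).some(
    (key) => key.startsWith('$') || containsOperatorKey(value[key], depth + 1)
  );
}

// Builds a `where` object from untrusted input, accepting only the listed
// fields and only primitive (string/number/boolean) values for them.
function safeWhere(input, allowedFields) {
  const where = {};
  for (const field of allowedFields) {
    if (!Object.prototype.hasOwnProperty.call(input, field)) continue;
    const value = input[field];
    if (containsOperatorKey(value)) {
      throw new TypeError(`operator key in field "${field}"`);
    }
    if (!['string', 'number', 'boolean'].includes(typeof value)) {
      throw new TypeError(`non-primitive value for field "${field}"`);
    }
    where[field] = value;
  }
  return where;
}

// Constructed sample request bodies, as a JSON body parser would produce them.
const benign = JSON.parse('{"name":"alice","age":30}');
const operatorShaped = JSON.parse('{"name":"alice","age":{"$gt":0}}');

// Runs both samples through safeWhere and records the outcome of each.
function demo() {
  return [benign, operatorShaped].map((body) => {
    try {
      return { ok: true, where: safeWhere(body, ['name', 'age']) };
    } catch (err) {
      return { ok: false, error: err.message };
    }
  });
}

console.log(demo());
```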

References

Reviewed Jun 4, 2019
Published to the GitHub Advisory Database Jun 4, 2019
Last updated Apr 30, 2023

Severity

High

CVE ID

No known CVE

GHSA ID

GHSA-wfp9-vr4j-f49j
