CVE-2016-10550

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS If user input goes into the `limit` or `order` parameters, a malicious user can put in their own SQL statements. This affects sequelize 3.16.0 and earlier.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:sequelizejs:sequelize:*:*:*:*:*:node.js:*:*

Information

Published : 2018-05-31 13:29

Updated : 2019-10-09 16:16


NVD link : CVE-2016-10550

Mitre link : CVE-2016-10550


JSON object : View

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

dedicated server usa

Products Affected

sequelizejs

  • sequelize