sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escaping.
References
Link | Resource |
---|---|
https://nodesecurity.io/advisories/113 | Patch Third Party Advisory |
https://github.com/sequelize/sequelize/commit/c876192aa6ce1f67e22b26a4d175b8478615f42d | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2018-05-31 13:29
Updated : 2019-10-09 16:16
NVD link : CVE-2016-10554
Mitre link : CVE-2016-10554
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
sequelizejs
- sequelize