Affected versions of
sequelize are vulnerable to SQL Injection in locations where user input is passed into the
order parameters of
sequelize query calls, such as
Update to version 3.17.0 or later.
Have content suggestions? Send them to [email protected]
publishedAdvisory publishedOct 31st, 2016
reportedInitial report by Spencer CreaseyMay 5th, 2016