npm

Severity: high

SQL Injection

sequelize

Overview

Affected versions of sequelize are vulnerable to SQL Injection in locations where user input is passed into the limit or order parameters of sequelize query calls, such as findOne or findAll.

Remediation

Update to version 3.17.0 or later.
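
Separately from upgrading, request-supplied limit and order values can be validated before they reach a findAll or findOne call. The sketch below is an added example, not code from sequelize or from this advisory; parseLimit, parseOrder, buildQueryOptions, SORTABLE and MAX_LIMIT are hypothetical names, and the column list is constructed.

```javascript
// Added example: allowlist validation for the two parameters the advisory names.
// Assumes query-string input such as ?limit=25&order=name:desc,id (constructed format).
const SORTABLE = new Set(['id', 'name', 'createdAt']); // constructed column allowlist
const MAX_LIMIT = 100;                                  // hypothetical page-size cap

function parseLimit(raw, fallback = 20) {
  if (raw === undefined) return fallback;
  // Query parsers can yield arrays or objects for repeated/bracketed keys,
  // so require a string made only of decimal digits before converting.
  if (typeof raw !== 'string' || !/^[0-9]{1,4}$/.test(raw)) {
    throw new RangeError('limit must be a positive integer');
  }
  const n = Number(raw);
  if (n < 1) throw new RangeError('limit must be a positive integer');
  return Math.min(n, MAX_LIMIT);
}

function parseOrder(raw) {
  if (raw === undefined) return [['id', 'ASC']];
  if (typeof raw !== 'string') throw new TypeError('order must be a string');
  return raw.split(',').map((term) => {
    const [column, dir = 'asc', ...rest] = term.trim().split(':');
    // Column names are matched against a fixed set, never interpolated as given.
    if (rest.length > 0 || !SORTABLE.has(column)) {
      throw new RangeError('order references a column that is not sortable');
    }
    const direction = dir.toUpperCase();
    if (direction !== 'ASC' && direction !== 'DESC') {
      throw new RangeError('order direction must be asc or desc');
    }
    return [column, direction]; // the [column, direction] pair form sequelize accepts
  });
}

// Returns an options object whose limit is a bounded number and whose order
// contains only allowlisted identifiers, e.g. for Model.findAll(options).
function buildQueryOptions(query) {
  return { limit: parseLimit(query.limit), order: parseOrder(query.order) };
}
```

Rejecting the request on a validation error, rather than falling back to the raw value, keeps unvalidated text out of both parameters.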

Advisory timeline

  1. published
     Advisory published
     Oct 31st, 2016
  2. reported
     Initial report by Spencer Creasey
     May 5th, 2016