Severity: high

    NoSQL Injection

    sequelize

    Overview

    Versions of sequelize prior to 4.12.0 are vulnerable to NoSQL Injection. Query operators such as $gt are not properly sanitized and may allow an attacker to alter data queries, leading to NoSQL Injection.

    Remediation

    Upgrade to version 4.12.0 or later.
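
The operator-key problem described in the overview, seen from the application side, as an added example (not sequelize code and not part of the advisory): it rejects untrusted input that contains `$`-prefixed keys such as `$gt` and accepts only scalar values for allow-listed fields before a where clause is built. The function names, field names and sample request bodies are assumptions constructed for illustration.

```javascript
// Added example, not sequelize code. findOperatorKeys and toWhere are hypothetical names.
// Collect the paths of all keys that begin with "$" anywhere in untrusted input.
function findOperatorKeys(value, path = '') {
  if (value === null || typeof value !== 'object') return [];
  const hits = [];
  for (const key of Object.keys(value)) {
    const here = path ? `${path}.${key}` : key;
    if (key.startsWith('$')) hits.push(here);
    hits.push(...findOperatorKeys(value[key], here));
  }
  return hits;
}

// Build a where clause from untrusted input: allow-listed fields only,
// each a string or finite number, never an object or array.
function toWhere(input, allowedFields) {
  if (input === null || typeof input !== 'object' || Array.isArray(input)) {
    throw new TypeError('input must be an object');
  }
  const hits = findOperatorKeys(input);
  if (hits.length > 0) throw new TypeError(`operator keys in input: ${hits.join(', ')}`);
  const where = {};
  for (const field of allowedFields) {
    if (!Object.prototype.hasOwnProperty.call(input, field)) continue;
    const v = input[field];
    const ok = typeof v === 'string' || (typeof v === 'number' && Number.isFinite(v));
    if (!ok) throw new TypeError(`field ${field} must be a scalar`);
    where[field] = v;
  }
  return where;
}

// Constructed sample request bodies (not taken from the advisory).
const benign = { email: 'a@example.test', token: 'abc123' };
const tampered = { email: 'a@example.test', token: { $gt: '' } };

// Run both bodies through the check and report accept/reject for each.
function demo() {
  return [benign, tampered].map((body) => {
    try { return { ok: true, where: toWhere(body, ['email', 'token']) }; }
    catch (err) { return { ok: false, error: err.message }; }
  });
}

console.log(demo());
```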

    Advisory timeline

    1. published

      Advisory Published
      Apr 18th, 2019
    2. reported

      Reported by Egor Homakov
      Mar 1st, 2017