Severity: high

    NoSQL Injection



    Versions of sequelize prior to 4.12.0 are vulnerable to NoSQL Injection. Query operators such as $gt are not properly sanitized, which may allow an attacker to alter data queries.


    Upgrade to version 4.12.0 or later.
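As a defence-in-depth check alongside the upgrade, the sketch below rejects operator-shaped input before it can become a query condition. It is an added example, not code from the advisory or from sequelize; it assumes the application builds a `where` clause from parsed JSON request fields, and the function names, field names and sample bodies are hypothetical.

```javascript
'use strict';

// Return the path of the first "$"-prefixed key anywhere in a parsed value,
// or null if there is none. Arrays are walked by index.
function findOperatorKey(value, path = '') {
  if (value === null || typeof value !== 'object') return null;
  for (const key of Object.keys(value)) {
    const here = path ? `${path}.${key}` : key;
    if (key.startsWith('$')) return here;
    const nested = findOperatorKey(value[key], here);
    if (nested !== null) return nested;
  }
  return null;
}

// Build a where clause from an allowlist of fields, accepting only scalars,
// so an object can never reach the query layer as a condition.
function buildWhere(body, allowedFields) {
  const where = {};
  for (const field of allowedFields) {
    if (!Object.prototype.hasOwnProperty.call(body, field)) continue;
    const v = body[field];
    if (!['string', 'number', 'boolean'].includes(typeof v)) {
      throw new TypeError(`field "${field}" must be a scalar value`);
    }
    where[field] = v;
  }
  return where;
}

// Constructed sample request bodies (hypothetical field names).
const benignBody = JSON.parse('{"email":"a@example.com","resetToken":"3f9c"}');
const operatorBody = JSON.parse('{"email":"a@example.com","resetToken":{"$gt":""}}');

function demo() {
  const results = { benign: buildWhere(benignBody, ['email', 'resetToken']) };
  results.flagged = findOperatorKey(operatorBody);
  try {
    buildWhere(operatorBody, ['email', 'resetToken']);
    results.rejected = false;
  } catch (err) {
    results.rejected = err instanceof TypeError;
  }
  return results;
}

console.log(demo());
```

`findOperatorKey` is suited to logging or alerting on suspicious request bodies, while `buildWhere` is the enforcement point that keeps non-scalar values out of the query.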


    Advisory timeline

    1. published

      Advisory Published
      Apr 18th, 2019
    2. reported

      Reported by Egor Homakov
      Mar 1st, 2017