npm

Severity: high

NoSQL Injection

sequelize

Overview

Versions of sequelize prior to 4.12.0 are vulnerable to NoSQL Injection. Query operators such as $gt are not properly sanitized, which may allow an attacker to alter data queries.

Remediation

Upgrade to version 4.12.0 or later.
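
The kind of input the overview describes can also be caught in application code before it reaches the query layer. The following is an added example, not code from sequelize or from this advisory: it flags $-prefixed keys in parsed request data and builds a where clause from allow-listed, scalar-only fields. The function names, field names and request bodies are assumptions constructed for illustration.

```javascript
// Added example: helper names and sample bodies are hypothetical.

// True when a value carries a `$`-prefixed key anywhere inside it,
// i.e. something a query layer could interpret as an operator.
function containsOperatorKey(value) {
  if (value === null || typeof value !== 'object') return false;
  if (Array.isArray(value)) return value.some(containsOperatorKey);
  return Object.keys(value).some(
    (key) => key.startsWith('$') || containsOperatorKey(value[key])
  );
}

// Build a where clause from untrusted input: only allow-listed fields,
// only scalar values, so an object never reaches the query layer.
function buildWhere(input, allowedFields) {
  if (input === null || typeof input !== 'object' || Array.isArray(input)) {
    throw new TypeError('input must be an object');
  }
  const where = {};
  for (const field of allowedFields) {
    if (!Object.prototype.hasOwnProperty.call(input, field)) continue;
    const value = input[field];
    const kind = value === null ? 'null'
      : Array.isArray(value) ? 'array' : typeof value;
    if (kind !== 'string' && kind !== 'number' && kind !== 'boolean') {
      throw new TypeError(`field "${field}" must be a scalar, got ${kind}`);
    }
    where[field] = value;
  }
  return where;
}

// Constructed request bodies, as a JSON body parser would produce them.
const benignBody = JSON.parse('{"email":"a@example.com","token":"abc123"}');
const operatorBody = JSON.parse('{"email":"a@example.com","token":{"$gt":""}}');

// Wrap buildWhere so a rejected body is reported instead of thrown.
function check(body) {
  try {
    return { ok: true, where: buildWhere(body, ['email', 'token']) };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

console.log(containsOperatorKey(benignBody), check(benignBody));
console.log(containsOperatorKey(operatorBody), check(operatorBody));
```

containsOperatorKey is suited to logging or alerting on suspicious requests; buildWhere is the stricter control, since it rejects any non-scalar value regardless of its keys.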


Advisory timeline

  1. Advisory Published: Apr 18th, 2019
  2. Reported by Egor Homakov: Mar 1st, 2017