sequelize prior to 4.12.0 are vulnerable to NoSQL Injection. Query operators such as
$gt are not properly sanitized and may allow an attacker to alter data queries, leading to NoSQL Injection.
Upgrade to version 4.12.0 or later
Have content suggestions? Send them to [email protected]
publishedAdvisory PublishedApr 18th, 2019
reportedReported by Egor HomakovMar 1st, 2017