GHSA-wfp9-vr4j-f49j

Опубликовано: 04 июн. 2019

Источник: github

Github: Прошло ревью

Описание

NoSQL Injection in sequelize

Versions of sequelize prior to 4.12.0 are vulnerable to NoSQL Injection. Query operators such as $gt are not properly sanitized and may allow an attacker to alter data queries, leading to NoSQL Injection.

Recommendation

Upgrade to version 4.12.0 or later

Ссылки

https://github.com/sequelize/sequelize/issues/7310
https://github.com/sequelize/sequelize/pull/8240
https://github.com/sequelize/sequelize/commit/ccb99daedb69e8750a241436415ccac8abef358d
https://snyk.io/vuln/SNYK-JS-SEQUELIZE-174147

Пакеты

Наименование

sequelize

npm

Затронутые версииВерсия исправления

< 4.12.0

4.12.0

Дефекты

CWE-89

Дефекты

CWE-89