CVE-2019-10749

Опубликовано: 29 окт. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect.

Ссылки

https://github.com/sequelize/sequelize/commit/ee4017379db0059566ecb5424274ad4e2d66bc68
Patch
https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450222
Exploit
Third Party Advisory
https://github.com/sequelize/sequelize/commit/ee4017379db0059566ecb5424274ad4e2d66bc68
Patch
https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450222
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sequelizejs:sequelize:*:*:*:*:*:node.js:*:*

Версия до 3.35.1 (исключая)

EPSS

Процентиль: 57%

0.00357

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-2598-2f59-rmhq