Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3NzctMnZxOC1jNHY0
SQL Injection in sequelize
Versions of sequelize
prior to 5.3.0 (excluding v3 and v4) are vulnerable to SQL Injection. PostgreSQL optionstandard_conforming_strings
is not set to on
by default, which may allow attackers to inject SQL statements due to poor handling of backslashes in string literals.
Recommendation
Upgrade to version 5.3.0 or later.
Permalink: https://github.com/advisories/GHSA-2777-2vq8-c4v4JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3NzctMnZxOC1jNHY0
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 5 years ago
Updated: about 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Percentage: 0.00234
EPSS Percentile: 0.61039
Identifiers: GHSA-2777-2vq8-c4v4, CVE-2019-11069
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-11069
- https://github.com/sequelize/sequelize/pull/10746
- https://snyk.io/vuln/SNYK-JS-SEQUELIZE-174167
- https://github.com/sequelize/sequelize/pull/10746/files
- https://github.com/sequelize/sequelize/blob/98cb17c17f73e2aa1792aa5a1d31216ba984b456/lib/dialects/postgres/connection-manager.js#L158-L160
- https://github.com/sequelize/sequelize/releases/tag/v5.3.0
- https://github.com/sequelize/sequelize/commit/850c7fd04669e0fef9238b6dc4f8d6ee93ed71e9
- https://github.com/advisories/GHSA-2777-2vq8-c4v4
Blast Radius: 39.6
Affected Packages
npm:sequelize
Dependent packages: 4,888Dependent repositories: 193,226
Downloads: 7,163,465 last month
Affected Version Ranges: >= 5.0.0, < 5.3.0
Fixed in: 5.3.0
All affected versions: 5.1.0, 5.1.1, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9, 5.2.10, 5.2.11, 5.2.12, 5.2.13, 5.2.14, 5.2.15
All unaffected versions: 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.3.0, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 1.4.0, 1.4.1, 1.5.0, 1.6.0, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.7, 1.7.8, 1.7.9, 1.7.10, 1.7.11, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 3.0.0, 3.0.1, 3.1.0, 3.1.1, 3.2.0, 3.3.0, 3.3.1, 3.3.2, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, 3.7.0, 3.7.1, 3.8.0, 3.9.0, 3.10.0, 3.11.0, 3.12.0, 3.12.1, 3.12.2, 3.13.0, 3.14.0, 3.14.1, 3.14.2, 3.15.0, 3.15.1, 3.16.0, 3.17.0, 3.17.1, 3.17.2, 3.17.3, 3.18.0, 3.19.0, 3.19.1, 3.19.2, 3.19.3, 3.20.0, 3.21.0, 3.22.0, 3.23.0, 3.23.1, 3.23.2, 3.23.3, 3.23.4, 3.23.5, 3.23.6, 3.24.0, 3.24.1, 3.24.2, 3.24.3, 3.24.4, 3.24.5, 3.24.6, 3.24.7, 3.24.8, 3.25.0, 3.25.1, 3.26.0, 3.27.0, 3.28.0, 3.29.0, 3.30.0, 3.30.1, 3.30.2, 3.30.3, 3.30.4, 3.31.0, 3.31.1, 3.31.2, 3.32.1, 3.33.0, 3.34.0, 3.35.0, 3.35.1, 4.0.0, 4.1.0, 4.2.0, 4.2.1, 4.3.0, 4.3.1, 4.3.2, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.4.6, 4.4.7, 4.4.8, 4.4.9, 4.4.10, 4.5.0, 4.6.0, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.8.0, 4.8.1, 4.8.2, 4.8.3, 4.8.4, 4.9.0, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.5, 4.11.6, 4.11.7, 4.12.0, 4.13.0, 4.13.1, 4.13.2, 4.13.3, 4.13.4, 4.13.5, 4.13.6, 4.13.7, 4.13.8, 4.13.9, 4.13.10, 4.13.11, 4.13.12, 4.13.13, 4.13.14, 4.13.15, 4.13.16, 4.13.17, 4.14.0, 4.15.0, 4.15.1, 4.15.2, 4.16.0, 4.16.1, 4.16.2, 4.17.0, 4.17.1, 4.17.2, 4.18.0, 4.19.0, 4.20.0, 4.20.1, 4.20.2, 4.20.3, 4.21.0, 4.22.0, 4.22.1, 4.22.2, 4.22.3, 4.22.4, 4.22.5, 4.22.6, 4.22.7, 4.22.8, 4.22.9, 4.22.10, 4.22.11, 4.22.12, 4.22.13, 4.22.14, 4.22.15, 4.22.16, 4.23.0, 4.23.1, 4.23.2, 4.23.3, 4.23.4, 4.24.0, 4.25.0, 4.25.1, 4.25.2, 4.26.0, 4.27.0, 4.28.0, 4.28.1, 4.28.2, 4.28.3, 4.28.4, 4.28.5, 4.28.6, 4.28.7, 4.28.8, 4.29.0, 4.29.1, 4.29.2, 4.29.3, 4.30.0, 4.30.1, 4.30.2, 4.31.0, 4.31.1, 4.31.2, 4.32.0, 4.32.1, 4.32.2, 4.32.3, 4.32.4, 4.32.5, 4.32.6, 4.32.7, 4.33.0, 4.33.1, 4.33.2, 4.33.3, 4.33.4, 4.34.0, 4.34.1, 4.35.0, 4.35.1, 4.35.2, 4.35.3, 4.35.4, 4.35.5, 4.36.0, 4.36.1, 4.37.0, 4.37.1, 4.37.2, 4.37.3, 4.37.4, 4.37.5, 4.37.6, 4.37.7, 4.37.8, 4.37.9, 4.37.10, 4.38.0, 4.38.1, 4.39.0, 4.39.1, 4.40.0, 4.41.0, 4.41.1, 4.41.2, 4.42.0, 4.42.1, 4.43.0, 4.43.1, 4.43.2, 4.44.0, 4.44.1, 4.44.2, 4.44.3, 4.44.4, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.4.0, 5.5.0, 5.5.1, 5.6.0, 5.6.1, 5.7.0, 5.7.1, 5.7.2, 5.7.3, 5.7.4, 5.7.5, 5.7.6, 5.8.0, 5.8.1, 5.8.2, 5.8.3, 5.8.4, 5.8.5, 5.8.6, 5.8.7, 5.8.8, 5.8.9, 5.8.10, 5.8.11, 5.8.12, 5.9.0, 5.9.1, 5.9.2, 5.9.3, 5.9.4, 5.9.5, 5.10.0, 5.10.1, 5.10.2, 5.10.3, 5.11.0, 5.12.0, 5.12.1, 5.12.2, 5.12.3, 5.13.0, 5.13.1, 5.14.0, 5.15.0, 5.15.1, 5.15.2, 5.16.0, 5.17.0, 5.17.1, 5.17.2, 5.18.0, 5.18.1, 5.18.2, 5.18.3, 5.18.4, 5.19.0, 5.19.1, 5.19.2, 5.19.3, 5.19.4, 5.19.5, 5.19.6, 5.19.7, 5.19.8, 5.20.0, 5.21.0, 5.21.1, 5.21.2, 5.21.3, 5.21.4, 5.21.5, 5.21.6, 5.21.7, 5.21.8, 5.21.9, 5.21.10, 5.21.11, 5.21.12, 5.21.13, 5.22.0, 5.22.1, 5.22.2, 5.22.3, 5.22.4, 5.22.5, 6.1.0, 6.1.1, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.4.0, 6.5.0, 6.5.1, 6.6.0, 6.6.1, 6.6.2, 6.6.4, 6.6.5, 6.7.0, 6.8.0, 6.9.0, 6.10.0, 6.11.0, 6.12.0, 6.12.1, 6.12.2, 6.12.3, 6.12.4, 6.12.5, 6.13.0, 6.14.0, 6.14.1, 6.15.0, 6.15.1, 6.16.0, 6.16.1, 6.16.2, 6.16.3, 6.17.0, 6.18.0, 6.19.0, 6.19.1, 6.19.2, 6.20.0, 6.20.1, 6.21.0, 6.21.1, 6.21.2, 6.21.3, 6.21.4, 6.21.5, 6.21.6, 6.22.0, 6.22.1, 6.23.0, 6.23.1, 6.23.2, 6.24.0, 6.25.0, 6.25.1, 6.25.2, 6.25.3, 6.25.4, 6.25.5, 6.25.6, 6.25.7, 6.25.8, 6.26.0, 6.27.0, 6.28.0, 6.28.1, 6.28.2, 6.29.0, 6.29.1, 6.29.2, 6.29.3, 6.30.0, 6.31.0, 6.31.1, 6.32.0, 6.32.1, 6.33.0, 6.34.0, 6.35.0, 6.35.1, 6.35.2, 6.36.0, 6.37.0, 6.37.1, 6.37.2, 6.37.3, 6.37.4, 6.37.5