Sequelize
CVE-2019-11069
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used.
AnalysisAI
Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-20. Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used. Affected products include: Sequelizejs Sequelize. Version information: version 5.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Sequelize is a Node.js ORM tool. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no auth
sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly
Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not bei
Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helpe
SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL c
Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections. Rated critical sev
Due to improper parameter filtering in the sequalize js library, can a attacker peform injection. Rated high severity (C
SQL injection in Sequelize prior to version 6.37.8 allows unauthenticated attackers to execute arbitrary SQL queries and
Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclos
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today