Sushant

3 exploits, active since Apr 2019
CVE-2019-10752 WRITEUP CRITICAL
Sequelize < 4.44.3 - SQL Injection via sequelize.json() Helper Function
Sequelize, in all versions prior to 4.44.3 and 5.15.1, is vulnerable to SQL injection because the sequelize.json() helper function does not properly escape values when formatting sub-paths for JSON queries on MySQL, MariaDB and SQLite.
CVSS 9.8
CVE-2019-10749 WRITEUP CRITICAL
Sequelize < 3.35.1 - SQL Injection via Postgres JSON Path Keys
Sequelize before version 3.35.1 allows attackers to perform SQL injection because JSON path keys are not properly sanitized in the Postgres dialect.
CVSS 9.8
CVE-2019-11069 WRITEUP HIGH
Sequelize 5.0.0-5.2.9 - SQL Injection via Improper Input Validation
Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used.
CVSS 7.5