CVE-2019-11069
HIGHSequelize 5.0.0-5.2.9 - SQL Injection via Improper Input Validation
Title source: llmDescription
Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used.
References (4)
Core 4
Core References
Third Party Advisory
https://github.com/sequelize/sequelize/blob/98cb17c17f73e2aa1792aa5a1d31216ba984b456/lib/dialects/postgres/connection-manager.js#L158-L160
Patch, Third Party Advisory
https://github.com/sequelize/sequelize/pull/10746/files
Release Notes, Third Party Advisory
https://github.com/sequelize/sequelize/releases/tag/v5.3.0
Scores
CVSS v3
7.5
EPSS
0.0182
EPSS Percentile
76.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (2)
npm/sequelize
5.0.0 - 5.3.0npm
sequelizejs/sequelize
5.0.0 - 5.3.0
Published
Apr 10, 2019
Tracked Since
Feb 18, 2026