ByteOS Network

NVD Vulnerability Details :

CVE-2019-10749

Analyzed

Source-report@snyk.io

Published At-29 Oct, 2019 | 19:15

Updated At-31 Oct, 2019 | 00:13

sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

sequelizejs>>sequelize>>Versions before 3.35.1(exclusive)

cpe:2.3:a:sequelizejs:sequelize:*:*:*:*:*:node.js:*:*

Weaknesses

CWE ID	Type	Source
CWE-89	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
https://github.com/sequelize/sequelize/commit/ee4017379db0059566ecb5424274ad4e2d66bc68	report@snyk.io	Patch
https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450222	report@snyk.io	Exploit Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History