[Security ISSUE: SQL Injection] sequelize 4.44.* #11202

sahatnicholas-gdp · 2019-07-18T02:57:58Z

What are you doing?

Snyk reports a SQL injection vulnerability in version sequelize@4.44.*.

https://www.npmjs.com/advisories/1018

Would you help offering a solution or explanation to that? Currently, the only remedy is to upgrade sequelize to v5, which breaks a lot of my existing code.
Thanks before.

Environment

Dialect:

Sequelize version: 4.44.*
Tested with latest release:

No
Yes, specify that version:

papb · 2019-07-19T11:58:34Z

Thanks for reporting, PRs are welcome, unfortunately I don't have time to take a look into this right now...

sushantdhiman · 2019-08-18T13:07:15Z

Fixed with #11332

sahatnicholas-gdp changed the title [ Security ISSUE: SQL Injection] sequelize 4.44.* [Security ISSUE: SQL Injection] sequelize 4.44.* Jul 18, 2019

sahatnicholas-gdp mentioned this issue Jul 19, 2019

[ Security ISSUE: SQL Injection] sequelize 4.43.2 #10866

Closed

7 tasks

papb added the status: awaiting investigation label Jul 24, 2019

sushantdhiman mentioned this issue Aug 18, 2019

fix(mysql): json path security issues #11332

Merged

6 tasks

sushantdhiman closed this as completed Aug 18, 2019

sushantdhiman removed the status: awaiting investigation label Aug 18, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Security ISSUE: SQL Injection] sequelize 4.44.* #11202

[Security ISSUE: SQL Injection] sequelize 4.44.* #11202

sahatnicholas-gdp commented Jul 18, 2019 •

edited

papb commented Jul 19, 2019

sushantdhiman commented Aug 18, 2019

[Security ISSUE: SQL Injection] sequelize 4.44.* #11202

[Security ISSUE: SQL Injection] sequelize 4.44.* #11202

Comments

sahatnicholas-gdp commented Jul 18, 2019 • edited

What are you doing?

Environment

papb commented Jul 19, 2019

sushantdhiman commented Aug 18, 2019

sahatnicholas-gdp commented Jul 18, 2019 •

edited