CVE-2016-10550
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2016-10550. We'll provide specific mitigation strategies based on your environment and risk profile.
Description
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS If user input goes into the `limit` or `order` parameters, a malicious user can put in their own SQL statements. This affects sequelize 3.16.0 and earlier.
Available Exploits
Related News
Affected Products
Affected Versions:
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Advisory Details
Affected Packages
CVSS Scoring
CVSS Score
References
Advisory provided by GitHub Security Advisory Database. Published: February 18, 2019, Modified: August 31, 2020