feathers-sequelize@6.2.0 vulnerabilities

A service adapter for Sequelize an SQL ORM

latest version

7.0.3
latest non vulnerable version

8.0.0-pre.1
first published

9 years ago
latest version published

a year ago
licenses detected
- MIT
  >=0
View feathers-sequelize package health on Snyk Advisor Open this link in a new tab

Known vulnerabilities in the feathers-sequelize package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
C Improper Input Validation feathers-sequelize is an A service adapter for Sequelize an SQL ORM Affected versions of this package are vulnerable to Improper Input Validation due to improper input validation, via raw attribute selects. How to fix Improper Input Validation? Upgrade `feathers-sequelize` to version 6.3.4 or higher.	>=6.0.0 <6.3.4
C SQL Injection feathers-sequelize is an A service adapter for Sequelize an SQL ORM Affected versions of this package are vulnerable to SQL Injection due to improper parameter filtering, via raw attribute selects. How to fix SQL Injection? Upgrade `feathers-sequelize` to version 6.3.4 or higher.	>=6.0.0 <6.3.4
C Prototype Pollution feathers-sequelize is an A service adapter for Sequelize an SQL ORM Affected versions of this package are vulnerable to Prototype Pollution due to the `cleanQuery` method, which uses insecure recursive logic to filter unsupported keys from the query object. How to fix Prototype Pollution? Upgrade `feathers-sequelize` to version 6.3.4 or higher.	>=6.0.0 <6.3.4