sequelize@1.6.0-alpha-1 vulnerabilities
Sequelize is a promise-based Node.js ORM tool for Postgres, MySQL, MariaDB, SQLite, Microsoft SQL Server, Amazon Redshift and Snowflake’s Data Cloud. It features solid transaction support, relations, eager and lazy loading, read replication and more.
-
latest version
6.37.5
-
latest non vulnerable version
-
first published
14 years ago
-
latest version published
a month ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the sequelize package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
sequelize is a promise-based Node.js ORM for Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') due to improper user-input sanitization, due to unsafe fall-through in How to fix Access of Resource Using Incompatible Type ('Type Confusion')? Upgrade |
<6.28.1
|
sequelize is a promise-based Node.js ORM for Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server. Affected versions of this package are vulnerable to Information Exposure due to improper user-input, by allowing an attacker to create malicious queries leading to SQL errors. How to fix Information Exposure? Upgrade |
<6.28.1
|
sequelize is a promise-based Node.js ORM for Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server. Affected versions of this package are vulnerable to Improper Filtering of Special Elements due to attributes not being escaped if they included How to fix Improper Filtering of Special Elements? Upgrade |
<6.29.0
|
sequelize is a promise-based Node.js ORM for Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server. Affected versions of this package are vulnerable to SQL Injection due to an improper escaping for multiple appearances of How to fix SQL Injection? Upgrade |
<6.21.2
|
sequelize is a promise-based Node.js ORM for Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server. Affected versions of this package are vulnerable to SQL Injection via the How to fix SQL Injection? Upgrade |
<6.19.1
|
sequelize is a promise-based Node.js ORM for Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server. Affected versions of this package are vulnerable to Denial of Service (DoS). The How to fix Denial of Service (DoS)? Upgrade |
<4.44.4
|
sequelize is a promise-based Node.js ORM for Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server. Affected versions of this package are vulnerable to SQL Injection due to JSON path keys not being properly sanitized in the Postgres dialect. How to fix SQL Injection? Upgrade |
<3.35.1
|
sequelize is a promise-based Node.js ORM for Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server. Affected versions of this package are vulnerable to Hash Injection. Using specially crafted requests an attacker can bypass For example:
Node.js and other platforms allow nested parameters, i.e. How to fix Hash Injection? Upgrade |
<4.12.0
|
a malicious attacker may exploit this to find the users password by entering How to fix SQL Injection? Upgrade |
<3.12.1
|
How to fix SQL Injection? Upgrade to version 1.7.0-alpha3 or greater. |
>=0.2.2 <1.7.0-alpha3
|
A potential memory disclosure vulnerability exists in sequelize versions prior to 3.17.2.
A field of type Details
Initializing a # Proof of concept
How to fix Remote Memory Exposure? Upgrade |
<3.17.2
|
How to fix SQL Injection? Upgrade to version 3.20.0 or greater. |
<3.20.0
|
How to fix SQL Injection? Upgrade to version 2.0.0-rc8 or greater. |
<2.0.0-rc8
|