Approved changes feed: RSS · Atom
cpe:2.3:a:n/a:sequelize:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Sequelize (158cfdae-d34c-5699-a318-15a40bd29f00) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2019-10752 |
vulnerable | 2026-06-08 05:12:25.227407 |
Details available
Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite.
Published: 2019-10-17T18:12:43.000Z
Updated: 2024-08-04T22:32:01.546Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-10749 |
vulnerable | 2026-06-08 05:12:25.222978 |
Details available
sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect.
Published: 2019-10-29T16:06:05.000Z
Updated: 2024-08-04T22:32:01.594Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-10748 |
vulnerable | 2026-06-08 05:12:25.221530 |
Details available
Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects.
Published: 2019-10-28T21:42:45.000Z
Updated: 2024-08-04T22:32:01.529Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.