Node.js sequelize module SQL injection |

June 22, 2022

NAME

Node.js sequelize module SQL injection

  • Platforms Affected:
    Node.js sequelize 6.19.0
  • Risk Level:
    9.4
  • Exploitability:
    High
  • Consequences:
    Data Manipulation

DESCRIPTION

Node.js sequelize module is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the replacements statement, which could allow the attacker to view, add, modify or delete information in the back-end database.

CVSS 3.0 Information

  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Access Vector: Network
  • Access Complexity: Low
  • Confidentiality Impact: Low
  • Integrity Impact: High
  • Availability Impact: High
  • Remediation Level: Official Fix

MITIGATION

Upgrade to the latest version of Node.js sequelize module (6.19.1 or later), available from the NPM Web site. See References.

  • Reference Link:
    https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-2932027
  • Reference Link:
    https://npmjs.com/package/sequelize

If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.

Digital Patreon Wordmark FieryCoralv2

You may have missed

hackerone

HackerOne Bug Bounty Disclosure: user-can-copy-locked-folders-and-gain-access-to-the-contents-maccs

November 16, 2024
image

[BLACKSUIT] – Ransomware Victim: brandywinecoachworks[.]com

November 16, 2024
image

[BLACKSUIT] – Ransomware Victim: kapurinc[.]com

November 16, 2024
image

[RHYSIDA] – Ransomware Victim: American Addiction Centers

November 16, 2024
image

[LYNX] – Ransomware Victim: Grupo_Trisan

November 16, 2024