WS-2016-0033

Date: July 19, 2016

In sequelize, v3 versions prior to v3.23.5 are vulnerable to SQL injection via GeoJSON documents containing a value with a single quote. This vulnerability affects PostgreSQL/PostGIS as well as MySQL. It exists only within GeoJSON documents using the function ST_GeomFromGeoJSON for PostgreSQL/PostGIS and the function GeomFromText for MySQL.
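The following added example is a simplified model of this bug class, not sequelize's own code: it shows how a single quote inside a GeoJSON value ends the SQL string literal early when the serialized document is interpolated as-is, next to an escaped literal and a bound parameter. The function names, the sample document and the `$1` placeholder style (node-postgres convention) are assumptions made for illustration.

```javascript
// Added example: simplified model, not sequelize source code.
// Constructed GeoJSON document; the crs name contains a single quote.
const point = {
  type: 'Point',
  coordinates: [39.807222, -76.984722],
  crs: { type: 'name', properties: { name: "EPSG:4326'" } },
};

// Vulnerable pattern: serialized GeoJSON placed inside a quoted literal as-is.
function geomUnsafe(geojson) {
  return `ST_GeomFromGeoJSON('${JSON.stringify(geojson)}')`;
}

// Escaped literal: double each single quote.
// Sufficient for PostgreSQL with standard_conforming_strings=on only;
// MySQL also treats backslash as an escape character by default.
function geomEscaped(geojson) {
  return `ST_GeomFromGeoJSON('${JSON.stringify(geojson).replace(/'/g, "''")}')`;
}

// Preferred: keep the document out of the SQL text entirely.
function geomBound(geojson) {
  return { sql: 'ST_GeomFromGeoJSON($1)', bind: [JSON.stringify(geojson)] };
}

// Returns the SQL text left over after the first string literal closes,
// using standard SQL rules ('' inside a literal is an escaped quote).
function afterFirstLiteral(sql) {
  let i = sql.indexOf("'") + 1;
  while (i < sql.length) {
    if (sql[i] === "'") {
      if (sql[i + 1] === "'") { i += 2; continue; }
      return sql.slice(i + 1);
    }
    i += 1;
  }
  return null; // literal never closed
}

// Unsafe: the tail of the document falls outside the literal and is parsed as SQL.
console.log(afterFirstLiteral(geomUnsafe(point)));
// Escaped: only the closing parenthesis follows the literal.
console.log(afterFirstLiteral(geomEscaped(point)));
```

When auditing code that builds geometry expressions, the same check applies to any literal that wraps serialized JSON or WKT: the document must reach the database as a bound value or pass through the dialect's own escaping routine.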

Language: JS

Severity Score

Weakness Type (CWE)

Injection (CWE-74)

SQL Injection (CWE-89)

Top Fix

Upgrade Version
