Home > Vulnerability Database > WS-2016-0033

Mend Vulnerability Database

WS-2016-0033

Good to know:

Date: July 19, 2016

In sequelize, v3 versions prior to v3.23.5 are vulnerable to SQL injection via GeoJSON documents containing a value with a single quote. This vulnerability affects postresql/postgis as well as MySQL. This vulnerability only exists within GeoJSON documents using the function ST_GeomFromGeoJSON for postgresql/postgis and the function GeomFromText for mysql.

Language: JS

Severity Score

0.0

Related Resources (2)

Url: https://github.com/sequelize/sequelize/pull/6302/commits/f93af43a1d86400487f5e3d9762f1a4b7cf6b1e1

Url: https://www.mend.io/vulnerability-database/WS-2016-0033

Weakness Type (CWE)

Injection

CWE-74

SQL Injection

CWE-89

Mend Vulnerability Database

We found results for “”