SQL Injection Vulnerability in Sequelize for Node.js
CVE-2015-1369

Currently unrated

Key Information:

Vendor: Sequelize Project
Status: Sequelize
Vendor: CVE Published:; 27 January 2015

🔔 Create Sequelize Project Vulnerability Alert

What is CVE-2015-1369?

An SQL injection vulnerability exists in Sequelize versions prior to 2.0.0-rc7, allowing remote attackers to execute arbitrary SQL commands through the 'order' parameter in a request. This flaw can lead to unauthorized access to the underlying database, potentially exposing sensitive data and compromising the application's integrity. It is crucial for users of affected versions to upgrade promptly to mitigate the risks associated with this vulnerability.

References

https://github.com/sequelize/sequelize/pull/2919

x_refsource_CONFIRM

https://nodesecurity.io/advisories/sequelize-sql-injectio...

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2015/01/23/2

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 27, 2015
Vulnerability Reserved
Jan 27, 2015

CVE-2015-1369 Data

JSON