asauray/InfotelAPI2016

WS-2016-0079 (Medium) detected in sequelize-3.17.3.tgz


WS-2016-0079 - Medium Severity Vulnerability

Vulnerable Library - sequelize-3.17.3.tgz

Multi dialect ORM for Node.JS/io.js

Library home page: https://registry.npmjs.org/sequelize/-/sequelize-3.17.3.tgz

Path to dependency file: /InfotelAPI2016/package.json

Path to vulnerable library: /InfotelAPI2016/node_modules/sequelize/package.json

Dependency Hierarchy:

  • sequelize-3.17.3.tgz (Vulnerable Library)

Found in HEAD commit: 6d3ae9745a93368ee736c4dc1be87c814e996b3f

Vulnerability Details

Sequelize is an object-relational mapper (ORM), a middle layer that converts data from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable objects for Node.js.
In the Postgres, SQLite, and Microsoft SQL Server dialects, arrays are treated as strings and improperly escaped.

Publish Date: 2016-10-31

URL: WS-2016-0079

CVSS 2 Score Details (4.8)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/102

Release Date: 2016-10-31

Fix Resolution: Upgrade to sequelize version 3.20.0 or greater
