asauray/InfotelAPI2016

WS-2019-0053 (Medium) detected in sequelize-3.17.3.tgz

WS-2019-0053 - Medium Severity Vulnerability

Vulnerable Library - sequelize-3.17.3.tgz

Multi dialect ORM for Node.JS/io.js

Library home page: https://registry.npmjs.org/sequelize/-/sequelize-3.17.3.tgz

Path to dependency file: /InfotelAPI2016/package.json

Path to vulnerable library: /InfotelAPI2016/node_modules/sequelize/package.json

Dependency Hierarchy:

  • sequelize-3.17.3.tgz (Vulnerable Library)

Found in HEAD commit: 6d3ae9745a93368ee736c4dc1be87c814e996b3f

Vulnerability Details

Versions of sequelize prior to 4.12.0 are vulnerable to NoSQL Injection. Query operators such as $gt are not properly sanitized and may allow an attacker to alter data queries, leading to NoSQL Injection.

Publish Date: 2019-04-23

URL: WS-2019-0053

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/820/versions

Release Date: 2019-04-23

Fix Resolution: 4.12.0