CVE-2019-11069

Published: Apr 10, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used.

Affected (1)

Products: Sequelizejs: Sequelize

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sequelizejs Sequelize	From 5.0.0 to 5.3.0

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

https://github.com/sequelize/sequelize/blob/98cb17c17f73e2aa1792aa5a1d31216ba984b456/lib/dialects/postgres/connection-manager.js#L158-L160

Source: cve@mitre.org

Third Party Advisory

https://github.com/sequelize/sequelize/commit/850c7fd04669e0fef9238b6dc4f8d6ee93ed71e9

Source: cve@mitre.org

https://github.com/sequelize/sequelize/pull/10746/files

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/sequelize/sequelize/releases/tag/v5.3.0

Source: cve@mitre.org

Release NotesThird Party Advisory

https://github.com/sequelize/sequelize/blob/98cb17c17f73e2aa1792aa5a1d31216ba984b456/lib/dialects/postgres/connection-manager.js#L158-L160

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/sequelize/sequelize/commit/850c7fd04669e0fef9238b6dc4f8d6ee93ed71e9

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/sequelize/sequelize/pull/10746/files

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/sequelize/sequelize/releases/tag/v5.3.0

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

Timeline

No history available yet.