Summaryinfo

A vulnerability was found in Sequelize up to 5.2.x. It has been classified as critical. The impacted element is an unknown function. This manipulation as part of String causes input validation. This vulnerability is tracked as CVE-2019-11069. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Detailsinfo

A vulnerability classified as critical was found in Sequelize up to 5.2.x. Affected by this vulnerability is an unknown code block. The manipulation as part of a String leads to a input validation vulnerability. The CWE definition for the vulnerability is CWE-20. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. As an impact it is known to affect integrity. The summary by CVE is:

Sequelize before 5.3.0 does not properly ensure that standard conforming strings are used.

The weakness was disclosed 04/10/2019. This vulnerability is known as CVE-2019-11069 since 04/10/2019. The exploitation appears to be easy. The attack can be launched remotely. The exploitation doesn't need any form of authentication. The technical details are unknown and an exploit is not publicly available.

Upgrading to version 5.3.0 eliminates this vulnerability.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Name

• Sequelize

Version

• 5.0
• 5.1
• 5.2

Website

• Product: https://github.com/sequelize/sequelize/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion