CVE-2016-10550 in sequalizeinfo

Zusammenfassung

von MITRE

sequalize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS If user input goes into the `limit` or `order` parameters, a malicious user can put in their own SQL statements. This affects sequelize 3.16.0 and earlier.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

29.10.2017

Veröffentlichung

31.05.2018

Moderieren

akzeptiert

Eintrag

VDB-118434

CPE

bereit

CWE

CWE-89 (bestätigt)

CVSS

9.8 (NVD)

EPSS

0.00486

KEV

nein

Aktivitäten

very low

Sektor

Finance, Hostingprovider, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-10550
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-10550
CVE Details	https://www.cvedetails.com/cve/CVE-2016-10550/

◂ Zurück Übersicht Weiter ▸

Do you need the next level of professionalism?

Upgrade your account now!