CVE-2019-11069
NONE EPSS 76.1%
Published Apr 10, 2019 7y ago
Last Modified Jun 17, 2026 2w ago
Description
Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used.
Threat Intelligence
EPSS Exploit Probability
76.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-20 Improper Input Validation
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| sequelizejs | sequelize | * | ≥5.0.0 – <5.3.0 |
References 4
- github.com https://github.com/sequelize/sequelize/blob/98cb17c17f73e2aa1792aa5a1d31216ba984b456/lib/dialects/postgres/connection-manager.js#L158-L160
- github.com https://github.com/sequelize/sequelize/commit/850c7fd04669e0fef9238b6dc4f8d6ee93ed71e9
- github.com https://github.com/sequelize/sequelize/pull/10746/files
- github.com https://github.com/sequelize/sequelize/releases/tag/v5.3.0
Remediation
- github.com https://github.com/sequelize/sequelize/pull/10746/files