CVE-2019-11069

NONE EPSS 76.1%
Published Apr 10, 2019 (7y ago) · Modified Jun 17, 2026 (2w ago)

Description

Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used.

Threat Intelligence

EPSS Exploit Probability
76.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-20 Improper Input Validation

Affected Products 1

Vendor        Product     Version   Range
sequelizejs   sequelize   *         ≥5.0.0 – <5.3.0

References 4

  • github.com https://github.com/sequelize/sequelize/blob/98cb17c17f73e2aa1792aa5a1d31216ba984b456/lib/dialects/postgres/connection-manager.js#L158-L160
    Third Party Advisory
  • github.com https://github.com/sequelize/sequelize/commit/850c7fd04669e0fef9238b6dc4f8d6ee93ed71e9
  • github.com https://github.com/sequelize/sequelize/pull/10746/files
    Patch, Third Party Advisory
  • github.com https://github.com/sequelize/sequelize/releases/tag/v5.3.0
    Release Notes, Third Party Advisory

Remediation

  • github.com https://github.com/sequelize/sequelize/pull/10746/files
    Patch, Third Party Advisory