[DepShield] (CVSS 9.9) Vulnerability due to usage of sequelize:2.1.3 #22
Description
Vulnerabilities
DepShield reports that this application's usage of sequelize:2.1.3 results in the following vulnerability(s):
- (CVSS 9.9) CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- (CVSS 9.9) CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- (CVSS 9.9) CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- (CVSS 9.8) CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
- (CVSS 9.8) CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- (CVSS 9.8) [CVE-2019-10749] sequelize before version 3.35.1 allows attackers to perform a SQL Injection due ...
- (CVSS 7.5) CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.