Vulnerability Details CVE-2015-1369
SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands via the order parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://www.openwall.com/lists/oss-security/2015/01/23/2
- https://github.com/sequelize/sequelize/pull/2919
- https://nodesecurity.io/advisories/sequelize-sql-injection-order
- http://www.openwall.com/lists/oss-security/2015/01/23/2
- https://github.com/sequelize/sequelize/pull/2919
- https://nodesecurity.io/advisories/sequelize-sql-injection-order
Products affected by CVE-2015-1369
-
cpe:2.3:a:sequelize_project:sequelize:*