Skip to main content

Improper Filtering of Special Elements


Severity High
Score 9.8/10


Due to improper attribute filtering in the sequalize js library attacker can perform SQL injections. This issue affects sequelize versions prior to 6.29.0, and 7.0.0-x prior to 7.0.0-alpha.9 and @sequelize/core versions prior to 7.0.0-alpha.20

  • LOW
  • HIGH
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-790 - Improper Filtering of Special Elements

The software receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component.

Advisory Timeline

  • Published