Sequelize v5.15.1

Version Release Notes from August 18, 2019 (over 4 years ago)

« Changelog History

Sequelize v5.15.1 Release Notes

Release Date: 2019-08-18 // over 4 years ago

5.15.1 (2019-08-18)

🔒 Security
- sequelize.json.fn: use common path extraction for mysql/mariadb/sqlite (#11329) (9bd0bc1)
🔒 This fixes a security issue with sequelize.json() for MySQL. Old code was still used for formatting sub paths for json queries when used with sequelize.json() helper function

Example of attack vector
```
return User.findAll({ where: this.sequelize.json("data.id')) AS DECIMAL) = 1 DELETE YOLO INJECTIONS; -- ", 1) });
```
🔒 Thanks to @Kirill89 from Snyk Security Research Team for reporting this issue.

Awesome Node.js is part of the LibHunt network. Terms. Privacy Policy.