NoSQL Injection in sequelize

Published: Jun 4, 2019
Updated: Apr 14, 2023
GHSA: <a href="https://github.com/advisories/GHSA-wfp9-vr4j-f49j" target="_blank" rel="noopener"> GHSA-wfp9-vr4j-f49j
Severity: High
Exploit:

Versions of sequelize prior to 4.12.0 are vulnerable to NoSQL Injection. Query operators such as $gt are not properly sanitized and may allow an attacker to alter data queries, leading to NoSQL Injection.