Vulnerability Description
Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used.
CVSS Score
7.5
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sequelizejs | Sequelize | >= 5.0.0, < 5.3.0 |
Related Weaknesses (CWE)
References
- https://github.com/sequelize/sequelize/blob/98cb17c17f73e2aa1792aa5a1d31216ba984 (Third Party Advisory)
- https://github.com/sequelize/sequelize/commit/850c7fd04669e0fef9238b6dc4f8d6ee93
- https://github.com/sequelize/sequelize/pull/10746/files (Patch, Third Party Advisory)
- https://github.com/sequelize/sequelize/releases/tag/v5.3.0 (Release Notes, Third Party Advisory)
FAQ
What is CVE-2019-11069?
CVE-2019-11069 is a vulnerability with a CVSS score of 7.5 (HIGH). Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used.
How severe is CVE-2019-11069?
CVE-2019-11069 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-11069?
Check the references section above for vendor advisories and patch information. Affected products include: Sequelizejs Sequelize.