
CVE-2016-10550: SQL Injection in sequelize

CVSS Score: N/A

Basic Information

EPSS Score: 0.65488%
Published: 2/18/2019
Updated: 1/9/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: -

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| sequelize | npm | < 3.17.0 | 3.17.0 |

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from unescaped user input in LIMIT/OFFSET clauses. The commit diff shows critical changes where limit/offset parameters were wrapped in escape() calls across multiple dialects' query generators. The affected functions directly interpolated user-controlled values into SQL fragments without proper sanitization, particularly in the abstract base implementation and dialect-specific implementations for MSSQL, PostgreSQL, and SQLite. The added test cases in offset-limit.test.js verify proper escaping of malicious values, confirming these were the vulnerable points.
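The pattern described above, as an added example that is not sequelize's code and is not taken from the commit: a simplified LIMIT/OFFSET fragment builder with the unescaped interpolation beside the escaped form, plus a stricter integer check that goes beyond the fix described. The names `buildLimitOffset`, `escapeValue` and `toBoundedInt`, the cap of 1000 and the sample input are assumptions made for illustration.

```javascript
'use strict';
// Added illustration; all names here are hypothetical, not sequelize APIs.

// Simplified stand-in for a dialect escape(): finite numbers pass through,
// anything else becomes a quoted literal using standard SQL quote doubling.
// Real dialect escapers handle more cases (for example backslash escapes).
function escapeValue(value) {
  if (typeof value === 'number' && Number.isFinite(value)) return String(value);
  if (value === null || value === undefined) return 'NULL';
  return "'" + String(value).replace(/'/g, "''") + "'";
}

// Stricter than escaping: accept only non-negative integers up to a cap.
function toBoundedInt(value, max) {
  const text = String(value);
  if (!/^\d+$/.test(text)) throw new RangeError('not a non-negative integer');
  const n = Number(text);
  if (n > max) throw new RangeError('value exceeds cap of ' + max);
  return n;
}

// Builds the LIMIT/OFFSET fragment; `render` decides how each value is emitted.
function buildLimitOffset(options, render) {
  let fragment = '';
  if (options.limit != null) fragment += ' LIMIT ' + render(options.limit);
  if (options.offset != null) fragment += ' OFFSET ' + render(options.offset);
  return fragment;
}

// "Before": the value is interpolated as-is, so a string rewrites the query.
const limitOffsetUnsafe = (o) => buildLimitOffset(o, (v) => v);
// "After": every value goes through the escaper.
const limitOffsetEscaped = (o) => buildLimitOffset(o, escapeValue);
// Hardened caller-side variant: reject anything that is not a small integer.
const limitOffsetValidated = (o) => buildLimitOffset(o, (v) => toBoundedInt(v, 1000));

// Constructed input, as if read from a request query string.
const sample = { limit: '1; DROP TABLE users --', offset: 5 };

console.log('unsafe :', limitOffsetUnsafe(sample));
console.log('escaped:', limitOffsetEscaped(sample));
try {
  limitOffsetValidated(sample);
} catch (err) {
  console.log('validated: rejected (' + err.message + ')');
}
```

Query-string values arrive as strings, so validating or coercing `limit` and `offset` to integers before they reach the ORM is worth keeping even on a patched version.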
