GMS-2016-41: SQL Injection via GeoJSON

July 18, 2016

SequelizeJS is vulnerable to SQL injection via GeoJSON documents containing a value with a single quote. This vulnerability affects postresql/postgis as well as MySQL.

References

github.com/sequelize/sequelize/issues/6194
github.com/sequelize/sequelize/pull/6302/commits/f93af43a1d86400487f5e3d9762f1a4b7cf6b1e1
github.com/sequelize/sequelize/pull/6303/commits/a81ac1f38476d553c92d522913e91c6e07acc4fa

Code Behaviors & Features

Detect and mitigate GMS-2016-41 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →