GMS-2016-76: SQL Injection via LIMIT and ORDER

October 31, 2016

If user input goes into the limit or order parameters, a malicious user can put in their own SQL statements.

References

github.com/sequelize/sequelize/pull/5167/commits/f282d85e60e3df5e57ecdb82adccb4eaef404f03

Code Behaviors & Features

Detect and mitigate GMS-2016-76 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →