GMS-2016-82: SQL Injection

October 31, 2016

Sequelize defaults SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escaping. This leads to SQL injection.

References

github.com/sequelize/sequelize/commit/c876192aa6ce1f67e22b26a4d175b8478615f42d

Code Behaviors & Features

Detect and mitigate GMS-2016-82 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →