Closed sripwoud closed 1 year ago
sequelize is used as the ORM library in zkitterd. Versions < 6.21.2 are vulnerable to SQL injection attacks. https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-2959225
Raw queries with string replacement are especially used for the posts search endpoint.
I don't expect breaking changes as it is a minor upgrade (didn't check though).
https://github.com/zkitter/zkitterd/blob/main/package.json sequelize at 6.26 on master
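A version range in package.json does not show which copy of sequelize is actually installed, so the 6.21.2 threshold from the issue can be checked against the lockfile instead. The following is an added example, not code from zkitterd or from this thread; the function names are hypothetical, the sample lockfile is constructed, and it assumes a package-lock.json with a `packages` map (lockfileVersion 2 or 3).

```javascript
// Added example (illustrative names). Fixed release named in the issue above.
const FIXED = "6.21.2";

// Parse "major.minor.patch[-prerelease]" into numbers; returns null if malformed.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?$/.exec(String(v).trim());
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// True when version a sorts strictly before version b.
// A prerelease of x.y.z sorts before x.y.z itself.
function isBefore(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  if (!pa || !pb) throw new Error(`unparseable version: ${a} / ${b}`);
  for (let i = 0; i < 3; i++) {
    if (pa.nums[i] !== pb.nums[i]) return pa.nums[i] < pb.nums[i];
  }
  return pa.pre && !pb.pre;
}

// Walk the "packages" map of a package-lock.json (lockfileVersion 2 or 3) and
// report every installed copy of `name` below `fixed`, including nested ones.
function findVulnerable(lock, name = "sequelize", fixed = FIXED) {
  const suffix = `node_modules/${name}`;
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path !== suffix && !path.endsWith(`/${suffix}`)) continue;
    // Unparseable versions are reported rather than silently trusted.
    if (!parseVersion(meta.version) || isBefore(meta.version, fixed)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile: a patched top-level copy plus an old nested copy.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { sequelize: "^6.0.0" } },
    "node_modules/sequelize": { version: "6.26.0" },
    "node_modules/legacy-plugin/node_modules/sequelize": { version: "6.21.1" },
    "node_modules/not-sequelize": { version: "1.0.0" },
  },
};

console.log(findVulnerable(sampleLock));
```

To run it against a real project, pass the parsed contents of that project's package-lock.json to `findVulnerable` in place of `sampleLock`.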