CVE-2024-45308: Sequelize MySQL Case Insensitive Collision
greprules fetch cve-2024-45308-sequelize-mysql-case-insensitive-collision --engine opengrep

Description
A Sequelize query looks up a potentially case-sensitive identifier (like a short ID, token, or alias) using standard object matching `where: { field: value }`. If the database is MySQL or MariaDB, string comparisons are case-insensitive by default. This can lead to collisions or authorization bypasses because different identifiers (e.g., `Aa` and `aa`) will
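The flagged lookup beside a hardened one, as an added example that is not part of the rule or of any project's code. The `Link` model, its `alias` and `owner` fields, and `makeCiModel` (an in-memory stand-in that approximates a default `*_ci` collation by lowercasing) are hypothetical and constructed for illustration.

```javascript
// Constructed stand-in for a Sequelize model on MySQL/MariaDB: findAll() matches
// strings case-insensitively, approximating a default *_ci collation.
function makeCiModel(rows) {
  const ci = (v) => String(v).toLowerCase();
  return {
    async findAll({ where }) {
      return rows.filter((row) =>
        Object.entries(where).every(([field, value]) => ci(row[field]) === ci(value)));
    },
    async findOne(options) {
      return (await this.findAll(options))[0] || null;
    },
  };
}

// Flagged pattern: whatever row the collation considers equal is returned.
async function findByAliasUnsafe(Link, alias) {
  return Link.findOne({ where: { alias } });
}

// Keep only the row whose stored value is identical to the requested one.
function pickExact(rows, field, value) {
  return rows.find((row) => row[field] === value) || null;
}

// Hardened lookup: fetch every collation-equal candidate, then compare exactly
// in application code so `Aa` can never resolve to the record stored as `aa`.
async function findByAliasExact(Link, alias) {
  if (typeof alias !== 'string' || alias.length === 0) return null;
  const candidates = await Link.findAll({ where: { alias } });
  return pickExact(candidates, 'alias', alias);
}

// Constructed sample data: two aliases that differ only by case.
const Link = makeCiModel([
  { id: 1, alias: 'aa', owner: 'alice' },
  { id: 2, alias: 'Aa', owner: 'bob' },
]);

async function demo() {
  const unsafe = await findByAliasUnsafe(Link, 'Aa');
  const exact = await findByAliasExact(Link, 'Aa');
  const miss = await findByAliasExact(Link, 'AA');
  return { unsafe: unsafe.owner, exact: exact.owner, miss };
}
```

The application-side check limits the damage of a collision. Giving the column a case-sensitive or binary collation (for example `utf8mb4_bin`) makes the comparison and any unique index exact in the database itself.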