Skip to content

Code comment asserts that "where option" is vulnerable to sql injection. #10011

New issue
New issue
Closed
Closed
Code comment asserts that "where option" is vulnerable to sql injection.#10011
Labels
good first issueFor issues. An issue that is a good choice for first-time contributors.
@RichardEb

Description

@RichardEb
RichardEb
opened on Oct 9, 2018

The code comments asserts that "where option" is vulnerable to sql injection. See: https://github.com/sequelize/sequelize/blob/master/lib/dialects/abstract/query-generator.js#L1125

But as far as I understood where is safe to use from v4 on. So the comment is wrong?!

Metadata

Metadata

Assignees

No one assigned

    Labels

    good first issueFor issues. An issue that is a good choice for first-time contributors.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions