kudos to Kirill from the security research team who worked on this discovery as well as providing the fixes (!) and many thanks and appreciation to the Sequelize project maintainers who worked with us on the responsible disclosure and promptly issued fixes to vulnerable versions where necessary.<p>Sequelize is a pretty popular ORM for Node.js projects so you should probably test your project with snyk and ensure you aren't vulnerable (npm audit is still lagging behind on this vulnerability for 24 days currently).