CVE-2022-2422 - Feathers - SQL injection via attribute aliases
CVE | CVE-2022-2422 |
Case | DIVD-2022-00020 |
Discovered by | |
Credits | |
Products | Feathers js: |
Versions | Feathers js: |
Page author | Victor Pasman |
CVSS | Base score: 10 |
References | |
Last modified | 25 Oct 2022 19:12 |
Description
Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database when the feathers-sequelize package is used.