Skip to the content.

CVE-2022-2422 - Feathers - SQL injection via attribute aliases

CVE CVE-2022-2422
Case DIVD-2022-00020
Discovered by
  • Thomas Rinsma and Kevin Valk (Codean)
Credits
  • Discovered by Thomas Rinsma and Kevin Valk (Codean)
Products Feather js:
  • Feathers-Sequalize
Versions Feather js:
  • Feathers-Sequalize
    • 6.x (< 6.3.4)
Page author Victor Pasman
CVSS Base score: 10
References
Last modified 08 Dec 2022 16:28

Description

Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used.


JSON version