CVE-2022-29822

Feathers - Improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection

CVE CVE-2022-29822
Title Feathers - Improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection
Case DIVD-2022-00020
Credits
  • Thomas Rinsma of Codean (finder)
  • Kevin Valk of Codean (finder)
Affected products
Product Affected Unaffected Unknown
Feather js Feathers-Sequalize >= 6.x to < 6.3.4 (custom)
CVSS Base score: 10 (CRITICAL)
References
Problem type(s) CWE-89 SQL Injection
Date published 24 Oct 2022 22:00 UTC
Last modified 02 Jan 2024 18:32 UTC

Description

Due to improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection

JSON version.