
CVE-2023-22578

Sequelize - Default support for “raw attributes” when using parentheses

CVE: CVE-2023-22578
Title: Sequelize - Default support for “raw attributes” when using parentheses
Credits
  • Thomas Rinsma and Kevin Valk (Codean) (finder)
  • Victor Pasman (DIVD) (analyst)
Affected products
  Product: Feathers-Sequelize Sequelize.js
  Affected: Before v7.0.0-alpha.20
  Unaffected: everything else
  Unknown: none listed
CVSS Base score: 10 (CRITICAL)
References
Problem type(s): CWE-790: Improper Filtering of Special Elements
Date published
Last modified

Description

Due to improper attribute filtering in the Sequelize.js library, an attacker can perform SQL injections.

