CVE-2023-22578 - Sequalize - Default support for “raw attributes” when using parentheses
CVE | CVE-2023-22578 | |||||||||||
Discovered by |
|
|||||||||||
Credits |
|
|||||||||||
Affected products |
|
|||||||||||
Page author | Victor Pasman | |||||||||||
CVSS |
Base score:
10
(CRITICAL) |
|||||||||||
References |
|
|||||||||||
Problem type(s) | CWE-790: Improper Filtering of Special Elements | |||||||||||
Last modified | 16 Feb 2023 10:10 |
Description
Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections.
JSON version