Skip to the content.

CVE-2023-22578 - Sequalize - Default support for “raw attributes” when using parentheses

CVE CVE-2023-22578
Discovered by
  • Thomas Rinsma and Kevin Valk
Credits
Affected products
Product Affected Unaffected Unknown
Feathers-Sequalize Sequelize.js = Before v7.0.0-alpha.20
everything else
Page author Victor Pasman
CVSS Base score: 10 (CRITICAL)
References
Problem type(s) CWE-790: Improper Filtering of Special Elements
Last modified 16 Feb 2023 10:10

Description

Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections.


JSON version